April’s Patch Tuesday brings us several, security-related, Microsoft Office updates and some small changes in UX and accessibility. In addition, Microsoft has also announced the much-needed retirement of the “legacy”, non-Chromium-based Edge Browser. The changes will come into effect at 10:00 PST. The decision to remove EdgeHTLML, by actively replacing it with Chromium, following the March end-of-support Edge announcement. At the same, Microsoft has encouraged organizations and consumers to upgrade to the latest Edge version.

April Patch Tuesday Highlights

On the 6th of April, Microsoft has pushed the KB4486672 update for Office Standard 2016, Office Professional 2016, Office Professional Plus 2016, Office Home and Business 2016, and Office Home and Student 2016.

As Askwoody’s MS-DEFCON columnists pointed out, Office 2016 was the only EOS MS product to receive an update. We would like to remind the users that Microsoft officially ended mainstream support for the 2016 business and home versions of Office on the 13th of October 2016. End of Support is scheduled for the 14th of October 2025. As expected, the vendor encourages all clients running any of the above-mentioned products to deploy the update as soon as possible.

So far, there’s just one issue associated with the KB4486672 deployment. Some users (i.e., Microsoft has yet to disclose if the issue predominantly affects home or enterprise end-users) might experience Office application stability or non-responsiveness issues. Microsoft stated that the problem lies in the registry code writing process and proposes the following fix:

  • Download the KB4486672 update manually and execute the .msi pack. Alternatively, you can use Microsoft’s Update Center to automatically download and deploy the pack.
  • Run Regedit.msc with administrative rights.
  • Navigate to HKEY_CURRENT_USERS\Software\Microsoft\Office\16.0\General.
  • Find the value EnableAdvancedRegistryHangDetection.
  • Set value type to DWORD and Value data to 1. Save changes.

Note: if you are unable to locate the General key in 16.0, you will need to create one. When you’re done, define EnableAdvancedRegistryHangDetection under General by right-clicking on the right panel, highlighting new, and left-clicking on the DWORD button.

As mentioned in the intro, Patch Tuesday also delivers several UX and accessibility improvements. To name a few, as of the April roll, Microsoft fixed an issue with the zoom function that appears when a user utilizes the Microsoft Edge IE Mode on a multi-mon high DPI setup.

In addition, MS also fixed a minor HDR-related issue that made the display appear darker. Some child account-related issues were patched – users are now notified when a child account defined in the Family Safety section attains and\or requests administrative privileges. Last, but not least, Microsoft also fixed an OneDrive syncing issue that caused the endpoint to stop working if the user would delete files or folders currently in use by OneDrive.

Edge’s anticipated retirement will impact most Windows 10 versions, from build 1803, released in April 2018, all the way to the 20H2 build. Microsoft’s decision to discontinue support for Microsoft Edge and replace the EdgeHTML rendering engine with the Chromium, open-source project, is a sound one and should facilitate the web development process as well as eliminating any disparities in web compatibility. Chromium updates will not impact users running Windows 7, Windows 8.0, or Windows 8.1.

Additional Security Tips

We always encourage our readers and customers to deploy every security and non-related security update in a timely manner. Here are some other things you can try in order to increase your overall security.

#1. Ensure that all Edge related updates are deployed correctly when using a private WSUS server.

To enforce the update all across your endpoint network, make sure that the new Edge version has been added to your WSUS catalog. Please refer to Microsoft’s Edge Management for additional information and instruction on how to deploy Edge with WSUS.

#2. Use legitimate means to deploy security updates.

Only download and install Windows Updates from known and legit sources like MS’s Update Center or MS’s official website. If you receive emails urging you to install critical Windows updates, please disregard and delete the email.  Clicking on any of the links enclosed in such messages could lead to debilitating virus infections or even ransomware.

Heimdal™ Security recommends a safe and automatic updating and patching solution to prevent these fraudulent attempts. Patch & Asset Management is your one-stop, fully automated updating and patching toolbox that empowers you to download, install, and configure any 3rd party, MS, or updates for proprietary software.

#3. Restore points.

Before deploying the new updates, don’t forget to create restore points. No major issues have been reported so far, but better safe than sorry. Creating a restore point is easy and can save you from a lot of trouble if something goes wrong during an update.

Parting thoughts

Edge is dead, long live, well, Edge. April’s patching bout isn’t as ‘meaty’ as the one in March, but still crucial to your endpoint’s wellbeing. As always, stay safe, subscribe to Heimdal’s newsletter for more cybersecurity awesomeness, and shot me an email if you have any more questions.

Leave a Reply

Your email address will not be published. Required fields are marked *