MC715656 – An updated version of the February 2024 security update Scan Cab for Windows Server Update Services is available (archived)

Product:

Windows, Windows Server

Platform:

World tenant, Windows Desktop

Status:

Change type:

Admin impact

Links:

Details:

IMPORTANT: this notice only affects environments where:
This notice only affects environments where Scan Cab is used to check for update compliance.
The Scan Cab for the February 2024 security update was deployed before 4:00 PM PST on February 13, 2024.

An updated version of the Scan Cab for the February 2024 security update was made available at approximately 4:00 PM PST on February 13, 2024 for all Windows versions. This replaces the Scan Cab which was released for that same update earlier that day, at 10:00 AM PST.

The new Scan Cab addresses CVE-2024-21397 for Microsoft Azure File Sync Elevation of Privilege Vulnerability. See the additional information section of this message for details.

Change Category:
XXXXXXX ... free basic plan only

Scope:
XXXXXXX ... free basic plan only

Release Phase:

Created:
2024-02-14

updated:
2024-02-14

Task Type

XXXXXXX ... free basic plan only

Docu to Check

XXXXXXX ... free basic plan only

MS How does it affect me

XXXXXXX ... free basic plan only

MS Preperations

XXXXXXX ... free basic plan only

MS Urgency

XXXXXXX ... free basic plan only

MS workload name

XXXXXXX ... free basic plan only

Direct effects for Operations**

- Impact on IT Operations
- Potential downtime during the re-deployment of the updated Scan Cab, which may disrupt update compliance checks.
- Roles impacted: IT Operations Managers, System Administrators
- Increased workload for IT staff to verify and re-deploy the updated Scan Cab, leading to resource allocation issues.
- Roles impacted: IT Administrators, Support Technicians

- Impact on IT Services
- Risk of non-compliance with security updates if the updated Scan Cab is not deployed promptly, potentially exposing systems to vulnerabilities.
- Roles impacted: Security Officers, Compliance Managers
- Possible delays in the deployment of other critical updates due to the focus on the Scan Cab re-deployment.
- Roles impacted: IT Service Managers, Change Managers

- Impact on IT Users
- Users may experience delays in receiving necessary updates, leading to potential security risks and performance issues on their systems.
- Roles impacted: End Users, Department Managers
- Increased support requests from users experiencing issues related to the update compliance checks or system performance.
- Roles impacted: Help Desk Staff, User Support Specialists

- Dependencies and Interdependencies
- Other applications that utilize Scan Cab may also require updates or adjustments, leading to a cascading effect on multiple systems.
- Roles impacted: Application Owners, Software Development Teams
- Integration with existing update deployment tools may need to be reviewed and tested to ensure compatibility with the new Scan Cab.
- Roles impacted: IT Architects, Systems Integrators

- Communication and Documentation
- Need for clear communication to all stakeholders about the change, including timelines and potential impacts, to ensure smooth operations.
- Roles impacted: IT Project Managers, Communication Officers
- Documentation updates may be required to reflect the changes in the update process and any new procedures for IT staff.
- Roles impacted: IT Documentation Specialists, Knowledge Management Teams

References:
- [CVE-2024-21397: Details on the vulnerability addressed in the new Scan Cab](https://msrc.microsoft.com/update-guide/advisory/CVE-2024-21397)
- [Using WUA to Scan for Updates Offline - Win32 apps | Microsoft Docs](https://learn.microsoft.com/windows/win32/wua_sdk/using-wua-to-scan-for-updates-offline)
- [Announcing a smaller WSUS Scan Cab - Microsoft Tech Community](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/announcing-a-smaller-wsus-scan-cab/ba-p/2928256?msclkid=256145ccd0c011ec9266b53af8d0aca1)

Opportunities**

- Implement automated monitoring and alerting for Scan Cab updates
- Opportunity: Set up automated systems to monitor for updates to the Scan Cab and alert IT administrators when new versions are available. This will ensure timely deployment and compliance.
- Roles benefiting: IT Administrators, Security Teams
- Reference: [Using WUA to Scan for Updates Offline](https://learn.microsoft.com/windows/win32/wua_sdk/using-wua-to-scan-for-updates-offline)

- Review and optimize WSUS configurations
- Opportunity: Conduct a review of WSUS configurations to ensure optimal performance and compliance with the latest updates, including the new Scan Cab. This can help reduce bandwidth usage and improve update deployment times.
- Roles benefiting: IT Administrators, Network Engineers
- Reference: [WSUS and the Catalog Site](https://learn.microsoft.com/windows-server/administration/windows-server-update-services/manage/wsus-and-the-catalog-site)

- Enhance documentation and training for IT staff on Scan Cab processes
- Opportunity: Create or update training materials and documentation regarding the Scan Cab process and its implications for security updates. This will improve the knowledge base of IT staff and ensure compliance with best practices.
- Roles benefiting: IT Administrators, Training Coordinators
- Reference: [Announcing a smaller WSUS Scan Cab](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/announcing-a-smaller-wsus-scan-cab/ba-p/2928256?msclkid=256145ccd0c011ec9266b53af8d0aca1)

- Assess third-party applications utilizing Scan Cab
- Opportunity: Review any non-Microsoft applications that may utilize Scan Cab for update compliance. This will help identify potential vulnerabilities and ensure that all applications are updated accordingly.
- Roles benefiting: IT Administrators, Application Support Teams
- Reference: CVE-2024-21397 details [here](https://msrc.microsoft.com/update-guide/advisory/CVE-2024-21397)

- Streamline the re-deployment process for updated Scan Cab
- Opportunity: Develop a streamlined process for re-deploying the updated Scan Cab to minimize downtime and ensure that all systems are compliant with the latest security updates.
- Roles benefiting: IT Administrators, Operations Teams
- Reference: [Updated Scan Cab: Download the new Scan Cab here](https://go.microsoft.com/fwlink/?LinkID=74689)

Potentional Risks**

XXXXXXX ... paid membership only

Data Protection**

XXXXXXX ... paid membership only

Hypothetical Work Council Statement**

XXXXXXX ... paid membership only

DPIA Draft**

XXXXXXX ... paid membership only