EVS Security Updates on XZ Vulnerability

More information here

 
Potential Impact of February and March 2024 Microsoft Patches

Dear Valued Customers,

We wish to inform you of a critical update regarding the recent Microsoft patch released in February and March 2024. Our support team has identified that  update of February may inadvertently deactivate specific firewall rules within your system. 

The deactivation of these firewall rules could potentially impact your system and the workflow by blocking legitimate traffic . As such, we strongly advise exercising caution when installing the February 2024 Microsoft patch.

At the moment, we have detected the following rules deactivated on XSQUARE: 

  • TCP/1433 : sqlsrv.exe
  • TCP/8999: xsquare.scanfolder.exe

The actual workaround is to reactivate the rules manually and allow the traffic on the two ports. 

According to several reports from administrators and users, KB5035849 (March 2024)  will not install when checking online for updates via Windows and Microsoft update servers. 

Affected systems include those running Windows Server 2019 or Windows 10 Enterprise LTSC 2019, which have reached their mainstream end-of-support date on January 9 and are under extended support for five more years until January 2029. 

To mitigate any potential risks associated with this update, we strongly recommend following our monthly security bulletin. Our team diligently assesses the impact of all software updates on our products and provides detailed guidance on how to proceed with patch installations to ensure the continued security and stability of your systems.

As a reminder, we also strongly recommend to apply extra security measures like micro-segmentation. The EVS Shield implements Zero Trust and micro-segmentation principles in broadcast networks. More information can be found below.