Manualshelf

White Papers

ManualsBrandsDell ManualsCloudLink SecureVMHybrid Cloud System for Microsoft
12345678910
6 Dell Hybrid Cloud System for Microsoft Cloud Platform System Standard
Update 2001Summary
Update 2001 for CPS Standard includes updates for Windows Server. This update includes the following
components:
2001 update. This is the main package. It can contain Windows Server, System Center, and SQL Server
updates. (See payload details in Appendix A.)
IMPORTANT: Update 1905 is a prerequisite for installing this update.
IMPORTANT: The OEM OOB (Out-of-Band Management) web interface may not work correctly after applying
P&U 1706 (or higher). See the troubleshooting section at the end of this document for
workarounds/resolution.
IMPORTANT: Security advisory related to IE, for implementation guidelines (not implemented by P&U):
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV200001
IMPORTANT: Security advisory related to ActiveX in IE, for implementation guidelines (not implemented by
P&U): https://technet.microsoft.com/library/security/3118753
For detailed update payload information, see Chapter 5.
Additional update information
Update 1804 (and higher) includes configuration changes to support KB# 4093492, which impacts CredSSP
authentication protocol and RDP functions. All servers in a CPS environment are now forcing the registry key
“HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters\AllowEncryptio
nOracle” to a value of “1”. See KB# 4093492 for any impacts to your environment
Update 1808 (and higher) includes configuration changes to support KB# 4072698, the
FeatureSettingsOverride registry setting is set to “8”. This setting enables mitigations around Speculative
Store Bypass (CVE-2018-3639) together with mitigations around Spectre Variant 2 (CVE-2017-5715 "Branch
Target Injection") and Meltdown (CVE-2017-5754) through the following registry settings (because they are
not enabled by default).
Update 1909 (and higher) includes configuration changes to support KB# 4072698, the
FeatureSettingsOverride registry setting is set to “72”. This setting enables mitigations for microarchitectural
Data Sampling (CVE-2018-11091, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130) along with Spectre [
CVE-2017-5753 & CVE-2017-5715 ] and Meltdown [ CVE-2017-5754 ] variants, including Speculative Store
Bypass Disable (SSBD) [ CVE-2018-3639 ] as well as L1 Terminal Fault (L1TF) [ CVE-2018-3615, CVE-2018-
3620, and CVE-2018-3646 ]
All instructions on installing this update are included in this guide.