Microsoft on Tuesday launched a tightly centered however nonetheless vital replace that addresses 68 reported (some publicly) vulnerabilities. Sadly, this month brings a brand new document: six zero-day flaws affecting Home windows. Consequently, now we have added each the Home windows and Trade Server updates to our “Patch Now” schedule. Microsoft additionally revealed a “protection in depth” advisory (ADV220003) to assist safe Workplace deployments. And there are a small variety of Visible Studio, Phrase, and Excel updates so as to add to your customary patch launch schedule.
You could find extra data on the dangers of deploying these Patch Tuesday updates in our infographic.
Identified points
Every month, Microsoft features a record of identified points that relate to the working system and platforms included on this replace cycle. There are two main reported points with Home windows 11 — each associated to deploying and updating Home windows 22H2 machines:
- Customers updating to Home windows 22H2 and the replace or the Out of Field Expertise could not full efficiently. Provisioning packages utilized throughout preliminary setup are probably to be affected. For extra data, see Provisioning packages for Home windows.
- Community transfers of huge (multi-gigabyte) recordsdata may take longer than anticipated to complete on the most recent model of Home windows 11. You usually tend to expertise this problem copying recordsdata to Home windows 11 22H2 from a community share through Server Message Block (SMB), however native file copy may additionally be affected.
Along with these points, Microsoft SharePoint Server has skilled two points with the November and September updates:
- Internet Half Pages Internet Service strategies could also be affected by the September 2022 safety replace. For extra data, see KB5017733.
- Some SharePoint 2010 workflow situations could also be blocked. For extra data, see KB5017760.
Main revisions
Technically talking, Microsoft revealed eight revisions this month, all for the Chromium Edge browser. In follow, these “revisions” had been customary updates to the Microsoft Edge browser and have been included in our Browser part. No different revisions to earlier patches or updates had been launched this month.
Mitigations and workarounds
A single work-around has been revealed for the November Patch Tuesday:
- CVE-2022-37976: Energetic Listing Certificates Companies Elevation of Privilege Vulnerability. A system is weak provided that each the Energetic Listing Certificates Companies position and the Energetic Listing Area Companies position are put in on a server within the community. Setting LegacyAuthenticationLevel – Win32 apps | Microsoft Docs to five= RPC_C_AUTHN_LEVEL_PKT_INTEGRITY may defend most processes on the machine towards this assault. For extra data see the next part on Setting System-Extensive Safety Utilizing DCOMCNFG.
No different mitigations or workarounds for Microsoft platforms had been launched.
Every month, the Readiness staff analyzes the patches utilized to Home windows, Microsoft Workplace, and associated know-how/improvement platforms. We take a look at every replace, the person modifications and the potential affect on enterprise environments. These testing situations provide some structured steering on tips on how to greatest deploy Home windows updates to your setting.
Excessive Danger: This month, Microsoft didn’t report any high-risk performance modifications, that means it has not up to date nor made main modifications to core APIs, performance or any of the core elements or functions included within the Home windows desktop and server ecosystems.
Extra typically, given the broad nature of this replace (Workplace and Home windows), we recommend testing the next Home windows options and elements:
- Hyper-V Replace: a easy take a look at of beginning and stopping VMs and remoted containers will suffice for this minor replace.
- Microsoft PPTP VPN: train your typical VPN situations (join/disconnect/restart) and attempt to simulate a disruption. Opposite to earlier suggestions, no prolonged trials are required.
- Microsoft Picture App: make sure that your RAW picture extensions work as anticipated.
- Microsoft ReFS and ExFat: a typical CRUD take a look at (Create/Rename/Replace/Delete) will suffice this month.
There have been a number of updates to how group insurance policies are carried out on Home windows platforms this month. We recommend spending a while guaranteeing that the next options are working:
- GPO coverage creation/deployment and deletion.
- Modifying GPO insurance policies, with a validation examine to see whether or not these up to date insurance policies have been utilized to your complete OU.
- Be certain that all symbolic hyperlinks are working as anticipated (redirects to person knowledge).
And, with all testing regimes required when making modifications to Microsoft GPOs, bear in mind to make use of the “gpupdate /power” command to make sure that all modifications have been dedicated to the goal system.
Who makes use of the Home windows Overlay Filter Function?
System engineers, that is who. When you have needed to construct shopper machines for big automated enterprise deployments you might have to work with the Home windows Overlay Filter (WoF) driver for WIM boot recordsdata. WoF permits for considerably higher compression ratios of set up recordsdata and was launched in Home windows 8. In case you are in the midst of a big client-side deployment effort this month, make sure that your WIM recordsdata are nonetheless accessible after the November replace. When you’re on the lookout for extra data on this key Home windows deployment characteristic, take a look at this weblog submit on WoF knowledge compression.
Until in any other case specified, we must always assume that every Patch Tuesday replace would require testing of core printing capabilities together with:
- printing from straight related printers;
- giant print jobs from servers (particularly if they’re additionally area controllers);
- distant printing (utilizing RDP and VPN).
Every month, we break down the replace cycle into product households (as outlined by Microsoft) with the next fundamental groupings:
- Browsers (Microsoft IE and Edge);
- Microsoft Home windows (each desktop and server);
- Microsoft Workplace;
- Microsoft Trade Server;
- Microsoft Growth platforms ( ASP.NET Core, .NET Core and Chakra Core);
- Adobe (retired???, possibly subsequent yr).
Browsers
Together with final week’s mid-cycle replace to Microsoft Edge (Chromium) there are 10 updates to the Chromium core and eight patches to Edge, for a complete of 18 modifications. For the ten Chrome updates, you possibly can check with the Chrome Safety web page for extra particulars. You could find hyperlinks to the entire Microsoft updates right here: CVE-2022-3652, CVE-2022-3653, CVE-2022-3654, CVE-2022-3655, CVE-2022-3656, CVE-2022-3657, CVE-2022-3660, CVE-2022-3661. All 18 updates are low-profile, low-impact updates to the browser stack and will be added to your customary desktop replace schedule.
Microsoft Home windows
There’s good and unhealthy information this month for Home windows. The unhealthy information is now we have six Home windows zero-days with each publicly reported vulnerabilities and reported exploits within the wild. The excellent news is that solely one of many vulnerabilities (which is unbelievable) is rated vital by Microsoft. This month’s replace covers the next Home windows options:
- Home windows Scripting (the Home windows scripting host or object);
- Networking (notably how HTTPS is dealt with);
- Home windows Printing (the print spooler, once more);
- ODBC (the least of our worries this month).
We’re seeing some stories of issues this month with Kerberos. In response, Microsoft has offered two Data Base articles on tips on how to deal with the November modifications:
- The way to handle Kerberos protocol modifications associated to CVE-2022-37967.
- The way to handle the Netlogon protocol modifications associated to CVE-2022-38023.
Given the character of those reported zero-days, and accounting for the comparatively slim change profile this month, we suggest instant patching for all Home windows methods. Add these Home windows updates to your “Patch Now” schedule — and this time we actually imply it.
Microsoft Workplace
Microsoft launched eight updates to the Workplace platform, affecting Phrase, Excel and SharePoint server. There have been no vital updates this month (no preview pane vulnerabilities), with every patch rated vital by Microsoft. As well as, Microsoft launched a “Protection in Depth” advisory (ADV220003) for Workplace. These Microsoft advisories cowl the next enhanced safety options:
- Anti-phishing insurance policies.
- Enhanced filtering for connectors in Trade On-line.
- Precedence account safety.
- Trusted ARC.
These options are price additional examination; you possibly can learn extra about these and different preventative safety measures right here. Add these low-impact Microsoft Workplace updates to your customary launch schedule.
Microsoft Trade Server
Sadly, now we have Microsoft Trade Server updates again on the roster this month. Microsoft launched 4 updates; one (CVE-2022-41080) was rated as vital and the opposite three as vital. The vital elevation of privilege vulnerability in Trade has a score of CVSS 8.8 and although we do not see reported exploits, it is a critical low-complexity community accessible problem. Trade directors have to patch their servers this weekend. Add this to your “Patch Now” launch schedule.
Microsoft improvement platforms
Microsoft launched 4 updates, all rated vital, to its Visible Studio platform. Each the Visible Studio and Sysmon instruments are low profile, non-urgent updates to discrete Microsoft developer instruments. Add these to your common developer patch schedule.
Adobe (actually, simply Reader)
No updates from Adobe for November. Given the variety of patches launched final month, that is no shock. We might even see one other large replace from Adobe in December, given its regular replace/launch cadence.