Microsoft’s December Patch Tuesday update delivers 59 fixes, including two zero-days (CVE-2022-44698 and CVE-2022-44710) that require immediate attention on the Windows platform. It is a network-focused update (TCP/IP and RDP) that will require significant testing with an emphasis on ODBC connections, Hyper-V systems, Kerberos authentication, and printing (both local and remote).
Microsoft also published an urgent out-of-band update (CVE-2022-37966) to address serious Kerberos authentication issues. (The team at Readiness has provided a helpful infographic that outlines the risks associated with each of these updates.)
And Windows Hot-Patching for Azure Virtual Machines (VMs) is now available.
Known issues
Each month, Microsoft includes a list of known issues that relate to the OS and platforms included in this update cycle.
- ODBC: After installing the December update, applications that use ODBC connections through the Microsoft ODBC SQL Server Driver (sqlsrv32.dll) to access databases won’t connect. You might receive the following error message: “The EMS System encountered a problem. Message: [Microsoft] [ODBC SQL Server Driver] Unknown token received from SQL Server”.
- RDP and Remote Access: After you install this or later updates on Windows desktop systems, you might be unable to reconnect to (Microsoft) DirectAccess after temporarily losing network connectivity or transitioning between Wi-Fi networks or access points.
- Hyper-V: After installing this update on Hyper-V hosts managed by SDN-configured System Center Virtual Machine Manager (VMM), you might receive an error on workflows involving creating a new Network Adapter (also called a Network Interface Card or NIC) joined to a VM network or a new Virtual Machine (VM).
- Active Directory: Due to additional security requirements in addressing the security vulnerabilities in CVE-2022-38042, new security checks are implemented on domain join requests. These extra checks may generate the following error message: “Error 0xaac (2732): NERR_AccountReuseBlockedByPolicy: An account with the same name exists in Active Directory. Re-using the account was blocked by security policy.”
In preparation for this month’s update to Windows 10 and 11 systems, we recommend running an assessment on all application packages and looking for a dependency on the system file SQLSRV32.DLL. If you want to check a specific system, open a command prompt and run the command “tasklist /m sqlsrv32.dll”. This should list any processes that depend on this file.
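The `tasklist` one-liner above only shows processes that happen to have the driver loaded at that moment. The following PowerShell script is an added example, not part of the article, that widens the same check in two ways: it enumerates loaded modules per process as objects that can be exported, and it also walks the standard ODBC registry locations (ODBC.INI under HKLM, its WOW6432Node view for 32-bit DSNs, and HKCU) for DSNs whose Driver value points at sqlsrv32.dll, which catches applications that are installed but not running during the scan. The function names and the CSV output paths are the example’s own choices.

```powershell
# Added example (not from the article): inventory the legacy ODBC SQL Server driver
# (sqlsrv32.dll) on a Windows host before rolling out the December update.
# Run from an elevated 64-bit PowerShell session so protected processes can be
# inspected. Registry paths are the standard ODBC DSN locations.

$driverName = 'sqlsrv32.dll'

function Get-LegacyOdbcProcesses {
    # Processes that currently have the driver loaded (what `tasklist /m` reports).
    foreach ($p in Get-Process) {
        try {
            $hits = @($p.Modules | Where-Object { $_.ModuleName -ieq $driverName })
            foreach ($m in $hits) {
                [pscustomobject]@{
                    ProcessName = $p.ProcessName
                    PID         = $p.Id
                    ModulePath  = $m.FileName
                }
            }
        } catch {
            # System, Idle and protected processes refuse module enumeration;
            # surface the gap with -Verbose instead of silently skipping it.
            Write-Verbose ("Could not inspect {0} (PID {1}): {2}" -f $p.ProcessName, $p.Id, $_.Exception.Message)
        }
    }
}

function Get-LegacyOdbcDsns {
    # Machine DSNs (64-bit and 32-bit views) plus the current user's DSNs.
    $roots = @(
        'HKLM:\SOFTWARE\ODBC\ODBC.INI',
        'HKLM:\SOFTWARE\WOW6432Node\ODBC\ODBC.INI',
        'HKCU:\SOFTWARE\ODBC\ODBC.INI'
    )
    foreach ($root in $roots) {
        if (-not (Test-Path $root)) { continue }
        foreach ($key in Get-ChildItem -Path $root) {
            # Each DSN subkey carries a Driver value holding the DLL path; the
            # 'ODBC Data Sources' index subkey has none and is skipped.
            $drv = (Get-ItemProperty -Path $key.PSPath -Name Driver -ErrorAction SilentlyContinue).Driver
            if ($drv -and $drv -like "*$driverName") {
                [pscustomobject]@{ Root = $root; DSN = $key.PSChildName; Driver = $drv }
            }
        }
    }
}

$procs = @(Get-LegacyOdbcProcesses)
$dsns  = @(Get-LegacyOdbcDsns)

"Processes with $driverName loaded: $($procs.Count)"
$procs | Format-Table -AutoSize
"ODBC DSNs referencing $driverName: $($dsns.Count)"
$dsns | Format-Table -AutoSize

# Hand the lists to application owners who need to plan a driver migration.
$procs | Export-Csv -Path "$env:TEMP\sqlsrv32-processes.csv" -NoTypeInformation
$dsns  | Export-Csv -Path "$env:TEMP\sqlsrv32-dsns.csv" -NoTypeInformation
```

Run it with `-Verbose` to see which processes could not be inspected; an empty process list is only meaningful if that verbose output is also short. Applications that build their connection string directly (driver name inline, no DSN) will show up in the process scan only while they are running, so run the scan during business hours on a representative machine.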
Major revisions
Microsoft published just one revision this month, with no other revisions to previous patches or updates released.
- CVE-2022-37966 Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability: To address a known issue where Kerberos authentication might fail for user, computer, service, and GMSA accounts when serviced by Windows domain controllers. This patch revision has been released as a rare out-of-band update and will require immediate attention, if not already addressed.
Mitigations and workarounds
While there have been several documentation updates and FAQs added to this release, Microsoft published a single mitigation:
- CVE-2022-37976: Active Directory Certificate Elevation of Privilege: A system is vulnerable to this security vulnerability only if both the Active Directory Certificate Services role and the Active Directory Domain Services role are installed on the same server in the network. Microsoft has published a set of registry keys (LegacyAuthenticationLevel) that may help reduce the surface area of this issue. You can find out more about protecting your systems here.
Testing guidance
Each month, the team at Readiness analyzes the latest updates and provides testing guidance. This guidance is based on assessing a large application portfolio and a detailed analysis of the Microsoft patches and their potential impact on the Windows platforms and application installations.
Given the large number of changes included this cycle, I’ve broken down the testing scenarios into high-risk and standard-risk groups.
High Risk: This month, Microsoft has not recorded any high-risk functionality changes. This means it has not made major changes to core APIs or functionality to any of the core components or applications included in the Windows desktop and server ecosystems.
More generally, given the broad nature of this update (Office and Windows) we suggest testing the following Windows features and components:
- Bluetooth: Microsoft has updated two sets of key API/Header files for Bluetooth drivers including: IOCTL_BTH_SDP_REMOVE_RECORD IOCTL and DeviceIoControl function. The key testing task here is to enable and then disable Bluetooth, ensuring that your data connections are still working as expected.
- GIT: The Git Virtual File System (VfSForGit) has been updated with changes to the file and registry mappings. You can read more about this key (internal) Windows development tool here.
In addition to these changes and testing requirements, I’ve included some of the more difficult testing scenarios for this update:
- Windows Kernel: This month sees a broad update to the Windows kernel (Win32kfull.sys) that may affect the primary desktop UI experience. Key features patched include the Start menu, the settings applet, and File Explorer. Given the large UI testing surface, a larger testing group may be required for your initial roll-out. If you still see your desktop or taskbar, take that as a positive sign.
Following last month’s update to Kerberos authentication, there have been several reported issues related to authenticating, especially during remote-desktop connections. Microsoft detailed the following scenarios and related issues addressed this month:
- Domain user sign-in may fail. This also might affect Active Directory Federation Services (AD FS) authentication.
- Group Managed Service Accounts (gMSA) used for services such as Internet Information Services (IIS Web Server) might fail to authenticate.
- Remote Desktop connections using domain users might fail to connect.
- You might be unable to access shared folders on workstations and file shares on servers.
- Printing that requires domain user authentication might fail.
All these scenarios require significant testing before a general deployment of the December update.
Unless otherwise specified, we should now assume that each Patch Tuesday update will require testing of core printing functions including:
- printing from directly-connected printers.
- add a printer, and then remove a printer (this is new for December).
- large print jobs from servers (especially if they’re also domain controllers).
- remote printing (using RDP and VPNs).
- test physical and virtual scenarios with 32-bit apps on 64-bit machines.
Windows lifecycle update
This section includes important changes to servicing (and most security updates) to Windows desktop and server platforms. As this is an end-of-year update, there are quite a few “End of Service” changes, including:
- Windows 10 (Enterprise, Home, Pro) 21H2 – Dec. 12, 2022.
- Windows 8.1 – Jan. 10, 2023.
- Windows 7 SP1 (ESU) – Jan. 10, 2023.
- Windows Server 2008 SP2 (ESU) – Jan. 10, 2023.
Each month, we break down the update cycle into product families (as defined by Microsoft) with the following basic groupings:
- Browsers (Microsoft IE and Edge);
- Microsoft Windows (both desktop and server);
- Microsoft Office;
- Microsoft Exchange Server;
- Microsoft Development platforms (ASP.NET Core, .NET Core and Chakra Core);
- Adobe (retired???, maybe next year).
Browsers
Following a welcome trend of no critical updates to Microsoft’s browsers, this update delivers just three (CVE-2022-44668, CVE-2022-44708 and CVE-2022-41115), all rated important. These updates affect the Microsoft Chromium browser and should have marginal to low impact on your applications. Add these updates to your standard patch release schedule.
Windows
Microsoft released patches to the Windows ecosystem this month that address three critical updates (CVE-2022-44676, CVE-2022-44670, and CVE-2022-41076), with 24 rated important and two rated moderate. Unfortunately, this month we have these two zero-days affecting Windows, with reports of CVE-2022-44698 exploited in the wild and CVE-2022-44710 publicly disclosed. We have crafted specific testing recommendations, noting that there are reported issues with Kerberos, Hyper-V and ODBC connections.
Add this update to your “Patch Now” release schedule.
Microsoft Office
Microsoft addressed two critical vulnerabilities in SharePoint Server (CVE-2022-44693 and CVE-2022-44690) which are relatively easy to exploit and don’t require user interaction. The remaining two vulnerabilities affect Microsoft Visio (CVE-2022-44696 and CVE-2022-44695) and are low-profile, low-impact changes. Unless you are hosting your own SharePoint servers (oh, why?), add these Microsoft updates to your standard release schedule.
Microsoft Exchange Server
Microsoft has not released any updates, patches or security mitigations for Microsoft Exchange Server. Phew!
Microsoft development platforms
Microsoft addressed two critical vulnerabilities in Microsoft .NET (CVE-2022-41089) and PowerShell (CVE-2022-41076) this month. Though both security issues are rated critical, they require local admin access and are considered both difficult and complex to exploit. Mark Russinovich’s Sysmon also needs an update for the elevation-of-privilege vulnerability CVE-2022-44704, and all supported versions of Visual Studio will be patched. Add these updates to your standard developer release schedule.
Adobe Reader (still here, but not this month)
Adobe has released three category 3 (equivalent to Microsoft’s rating of important) updates to Illustrator, Experience Manager and Campaign (Classic). No updates to Adobe Reader this month.
