Microsoft on Tuesday launched a tightly targeted however nonetheless important replace that addresses 68 reported (some publicly) vulnerabilities. Sadly, this month brings a brand new document: six zero-day flaws affecting Home windows. In consequence, we’ve added each the Home windows and Alternate Server updates to our “Patch Now” schedule. Microsoft additionally revealed a “protection in depth” advisory (ADV220003) to assist safe Workplace deployments. And there are a small variety of Visible Studio, Phrase, and Excel updates so as to add to your customary patch launch schedule.
Yow will discover extra info on the dangers of deploying these Patch Tuesday updates in our infographic.
Identified points
Every month, Microsoft features a record of recognized points that relate to the working system and platforms included on this replace cycle. There are two main reported points with Home windows 11 — each associated to deploying and updating Home windows 22H2 machines:
- Customers updating to Home windows 22H2 and the replace or the Out of Field Expertise could not full efficiently. Provisioning packages utilized throughout preliminary setup are more than likely to be affected. For extra info, see Provisioning packages for Home windows.
- Community transfers of enormous (multi-gigabyte) recordsdata may take longer than anticipated to complete on the most recent model of Home windows 11. You usually tend to expertise this problem copying recordsdata to Home windows 11 22H2 from a community share by way of Server Message Block (SMB), however native file copy may additionally be affected.
Along with these points, Microsoft SharePoint Server has skilled two points with the November and September updates:
- Net Half Pages Net Service strategies could also be affected by the September 2022 safety replace. For extra info, see KB5017733.
- Some SharePoint 2010 workflow eventualities could also be blocked. For extra info, see KB5017760.
Main revisions
Technically talking, Microsoft revealed eight revisions this month, all for the Chromium Edge browser. In observe, these “revisions” had been customary updates to the Microsoft Edge browser and have been included in our Browser part. No different revisions to earlier patches or updates had been launched this month.
Mitigations and workarounds
A single work-around has been revealed for the November Patch Tuesday:
- CVE-2022-37976: Energetic Listing Certificates Companies Elevation of Privilege Vulnerability. A system is susceptible provided that each the Energetic Listing Certificates Companies position and the Energetic Listing Area Companies position are put in on a server within the community. Setting LegacyAuthenticationLevel – Win32 apps | Microsoft Docs to five= RPC_C_AUTHN_LEVEL_PKT_INTEGRITY may shield most processes on the machine in opposition to this assault. For extra info see the next part on Setting System-Extensive Safety Utilizing DCOMCNFG.
No different mitigations or workarounds for Microsoft platforms had been launched.
Every month, the Readiness workforce analyzes the patches utilized to Home windows, Microsoft Workplace, and associated know-how/growth platforms. We take a look at every replace, the person modifications and the potential affect on enterprise environments. These testing eventualities provide some structured steerage on the right way to greatest deploy Home windows updates to your setting.
Excessive Danger: This month, Microsoft didn’t report any high-risk performance modifications, that means it has not up to date nor made main modifications to core APIs, performance or any of the core parts or functions included within the Home windows desktop and server ecosystems.
Extra usually, given the broad nature of this replace (Workplace and Home windows), we propose testing the next Home windows options and parts:
- Hyper-V Replace: a easy take a look at of beginning and stopping VMs and remoted containers will suffice for this minor replace.
- Microsoft PPTP VPN: train your typical VPN eventualities (join/disconnect/restart) and attempt to simulate a disruption. Opposite to earlier suggestions, no prolonged trials are required.
- Microsoft Photograph App: be sure that your RAW picture extensions work as anticipated.
- Microsoft ReFS and ExFat: a typical CRUD take a look at (Create/Rename/Replace/Delete) will suffice this month.
There have been a number of updates to how group insurance policies are applied on Home windows platforms this month. We recommend spending a while making certain that the next options are working:
- GPO coverage creation/deployment and deletion.
- Modifying GPO insurance policies, with a validation test to see whether or not these up to date insurance policies have been utilized to all the OU.
- Be certain that all symbolic hyperlinks are working as anticipated (redirects to consumer information).
And, with all testing regimes required when making modifications to Microsoft GPOs, keep in mind to make use of the “gpupdate /power” command to make sure that all modifications have been dedicated to the goal system.
Who makes use of the Home windows Overlay Filter Function?
System engineers, that is who. When you’ve got needed to construct shopper machines for big automated enterprise deployments you might have to work with the Home windows Overlay Filter (WoF) driver for WIM boot recordsdata. WoF permits for considerably higher compression ratios of set up recordsdata and was launched in Home windows 8. In case you are in the midst of a big client-side deployment effort this month, be sure that your WIM recordsdata are nonetheless accessible after the November replace. In the event you’re on the lookout for extra info on this key Home windows deployment characteristic, try this weblog submit on WoF information compression.
Except in any other case specified, we should always assume that every Patch Tuesday replace would require testing of core printing capabilities together with:
- printing from straight related printers;
- massive print jobs from servers (particularly if they’re additionally area controllers);
- distant printing (utilizing RDP and VPN).
Every month, we break down the replace cycle into product households (as outlined by Microsoft) with the next fundamental groupings:
- Browsers (Microsoft IE and Edge);
- Microsoft Home windows (each desktop and server);
- Microsoft Workplace;
- Microsoft Alternate Server;
- Microsoft Improvement platforms ( ASP.NET Core, .NET Core and Chakra Core);
- Adobe (retired???, possibly subsequent 12 months).
Browsers
Together with final week’s mid-cycle replace to Microsoft Edge (Chromium) there are 10 updates to the Chromium core and eight patches to Edge, for a complete of 18 modifications. For the ten Chrome updates, you may discuss with the Chrome Safety web page for extra particulars. Yow will discover hyperlinks to the entire Microsoft updates right here: CVE-2022-3652, CVE-2022-3653, CVE-2022-3654, CVE-2022-3655, CVE-2022-3656, CVE-2022-3657, CVE-2022-3660, CVE-2022-3661. All 18 updates are low-profile, low-impact updates to the browser stack and might be added to your customary desktop replace schedule.
Microsoft Home windows
There’s good and dangerous information this month for Home windows. The dangerous information is we’ve six Home windows zero-days with each publicly reported vulnerabilities and reported exploits within the wild. The excellent news is that solely one of many vulnerabilities (which is unimaginable) is rated vital by Microsoft. This month’s replace covers the next Home windows options:
- Home windows Scripting (the Home windows scripting host or object);
- Networking (notably how HTTPS is dealt with);
- Home windows Printing (the print spooler, once more);
- ODBC (the least of our worries this month).
We’re seeing some reviews of issues this month with Kerberos. In response, Microsoft has supplied two Data Base articles on the right way to deal with the November modifications:
- Easy methods to handle Kerberos protocol modifications associated to CVE-2022-37967.
- Easy methods to handle the Netlogon protocol modifications associated to CVE-2022-38023.
Given the character of those reported zero-days, and accounting for the comparatively slim change profile this month, we advocate fast patching for all Home windows techniques. Add these Home windows updates to your “Patch Now” schedule — and this time we actually imply it.
Microsoft Workplace
Microsoft launched eight updates to the Workplace platform, affecting Phrase, Excel and SharePoint server. There have been no vital updates this month (no preview pane vulnerabilities), with every patch rated essential by Microsoft. As well as, Microsoft launched a “Protection in Depth” advisory (ADV220003) for Workplace. These Microsoft advisories cowl the next enhanced safety options:
- Anti-phishing insurance policies.
- Enhanced filtering for connectors in Alternate On-line.
- Precedence account safety.
- Trusted ARC.
These options are value additional examination; you may learn extra about these and different preventative safety measures right here. Add these low-impact Microsoft Workplace updates to your customary launch schedule.
Microsoft Alternate Server
Sadly, we’ve Microsoft Alternate Server updates again on the roster this month. Microsoft launched 4 updates; one (CVE-2022-41080) was rated as vital and the opposite three as essential. The vital elevation of privilege vulnerability in Alternate has a ranking of CVSS 8.8 and although we do not see reported exploits, it is a critical low-complexity community accessible problem. Alternate directors have to patch their servers this weekend. Add this to your “Patch Now” launch schedule.
Microsoft growth platforms
Microsoft launched 4 updates, all rated essential, to its Visible Studio platform. Each the Visible Studio and Sysmon instruments are low profile, non-urgent updates to discrete Microsoft developer instruments. Add these to your common developer patch schedule.