Microsoft rolled into 2021 with a reasonably benign replace cycle for Windows and Microsoft Office programs, delivering 83 updates for January. Yes, there may be an replace to Windows defender (CVE-2021-1647) that has been reported as exploited. Yes, there was a publicly disclosed problem (CVE-2021-1648) within the Windows printing subsystem. But there aren’t any Zero-days and no “Patch Now” suggestions for this month. There are, nonetheless, numerous characteristic and performance teams “touched” by these updates; we suggest a complete check of printing and key graphics areas earlier than basic Windows replace deployment. Meanwhile, for Office we suggest sticking with a modest-paced rollout with a deal with Word and Excel testing.We have included an infographic that this month appears slightly lopsided since all the consideration must be on Windows componentsKey testing scenariosWorking with Microsoft, now we have developed a system that interrogates Microsoft updates and matches any file adjustments (deltas) launched every month in opposition to our testing library. The result’s a “hot-spot” testing matrix that helps drive our portfolio testing course of. This month, our evaluation of this Patch Tuesday launch generated the next testing situations:The Microsoft SPLWOW64 sub-system has been up to date in the way it communicates with the GDI system. Testing situations are equivalent to the November Microsoft replace launch cycle. We suggest that you simply run check print jobs from your entire browsers, Office, and your core line of enterprise purposes. Hint: print totally different sizes of paperwork — go for the bigger ones, and take a look at printing to a file (PDF).
After an intensive testing of your printing sources (bear in mind to incorporate distant printing via RDP), you must also check the next areas:Bluetooth: connecting/disconnecting community connections. Don’t fear about audio.
Remote desktop connections: you may’t check these sufficient (over a VPN)
Virtualization folders: run via a “CRUD” check (Create, Read, Update, Delete)
Windows Installer: strive a (massive) bundle restore, then reinstall after which examine the log recordsdata (verbose mode)
AppX: take your entire AppX packages, and uninstall them (simply kidding). OK, possibly only a few.
Known pointsEach month, Microsoft features a checklist of recognized points that relate to Windows and platforms which are included within the newest replace cycle. I’ve referenced a number of key points that relate to the most recent builds, together with:Windows 10 1809: System and person certificates may be misplaced when updating a tool from Windows 10, model 1809, or later to a more moderen model of Windows 10. You can recuperate from this set up/replace situation by following Microsoft’s really helpful restoration choices for Windows 10discovered right here. Note: Microsoft is actively engaged on this problem, and we anticipate a refreshed media set within the coming weeks.
After putting in KB4493509, units with some Asian language packs put in might obtain the error, “0x800f0982 – PSFX_E_MATCHING_COMPONENT_NOT_FOUND.” We suggest a whole reinstall of the language pack after which resetting all configuration particulars. Microsoftoffers some steerage right here.
Certain operations, comparable to rename, that you simply carry out on recordsdata or folders which are on a Cluster Shared Volume (CSV) might fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5).” Microsoft has been trying into this problem for some time; I do not anticipate a decision within the brief time period.
You may discover Microsoft’s abstract of recognized Issues for this launch in a single web page.Major revisionsThis month, now we have a number of main revisions together with:CVE-2018-8455: This is the second try by Microsoft to resolve a Windows kernel problem (the primary was in September 2018). No additional motion required apart from making use of this month’s replace.
CVE-2020-10689: This is the second (documentation solely) replace to this patch. No additional motion required.
CVE-2020-17087: A documentation/info replace solely — no additional motion required.
Mitigations and workaroundsFor this January launch, Microsoft has not printed any potential workarounds or mitigation methods that apply to this month’s addressed vulnerabilities.Each month, we break down the replace cycle into product households (as outlined by Microsoft) with the next primary groupings:Browsers (Microsoft IE and Edge)
Microsoft Windows (each desktop and server)
Microsoft Office (Including Web Apps and Exchange)
Microsoft Development platforms (ASP.NET Core, .NET Core and Chakra Core)
Adobe Flash Player
BrowsersWe often have a protracted checklist of browser-based practical areas to focus on, however this month (once more) we simply have the next replace rated as crucial for Microsoft Edge (CVE-2021-1705). The single safety problem addressed on this replace is comparatively troublesome to use, requires native interplay and has not been publicly reported. Coming on the heels of many reminiscence corruption clean-up efforts for each Microsoft browsers through the years, this replace would require a whole replace of all associated recordsdata for Edge’s native set up. Add this replace to your commonplace browser replace schedule.Microsoft WindowsMicrosoft has labored to deal with eight crucial and 57 necessary updates for this replace cycle. A vulnerability in Windows Defender (CVE-2021-1647) has been reported as exploited, and a vulnerability in a core subsystem within the Windows printing system (CVE-2021-1648) has been publicly reported. I believe that the printing problem and the GDI (CVE-2021-1665) vulnerability might trigger testing points resulting from their complicated interdependencies with different Windows subsystems and purposes. Here are how the patches are dispersed throughout to the next options (or practical groupings)Critical UpdatesNecessary Updates (grouped by Windows characteristic or perform)Windows Defender (CVE-2021-1647 – publicly exploited);
Microsoft Bluetooth Driver;
Windows CSC Service;
Microsoft Graphics and Codecs;
Windows AppX Deployment Extensions and Windows Hyper-V;
Windows CryptoAPI;
Windows Diagnostic Hub, Event Tracing and Windows Event Logging Service;
Windows Installer and Windows Update Stack;
Windows Kernel;
Windows Print Spooler Components (CVE-2021-1648 – publicly reported).
Following the testing suggestions (listed above) I’d make this replace a precedence, noting that the testing cycle might require in-depth evaluation, require some {hardware} (printing) and contain distant customers (testing throughout a VPN). Add these Windows updates to your “Test before Deploy” replace launch schedule.Microsoft OfficeMicrosoft has launched 11 updates — all rated necessary — to the Microsoft Office and SharePoint platforms protecting the next utility or characteristic groupings:This month’s Office-related safety points are benign. No crucial points, and extremely complicated and difficult-to-exploit vulnerabilities (requiring native entry) which are powerful to abuse at scale cut back the danger of publicity. The one problem we had been nervous about was whether or not the Excel (CVE-2021-1713) and Word (CVE-2021-1716) vulnerabilities may very well be exploited via a preview pane weak point (usually the case with a lot of these RCE vulnerabilities). Not this month. Add these updates to your common Office replace schedule.Microsoft improvement platformsMicrosoft has launched three updates to its improvement platforms, all rated necessary; they have an effect on the these platforms or purposes:The first two updates to .NET Core and the Microsoft AI bot framework repository are troublesome to use, non worm-able vulnerabilities, whereas the third impacts an open-source element utilized by Visual Studio (Treatment53 DOM Purify). Given that these are updates to platform SDK, the affect on manufacturing code must be minimal. Add these updates to your commonplace improvement replace schedule.Adobe Flash PlayerIn life there are millstones (sure, there are 1078 particular person reported vulnerabilities for Flash, and for Flash alone), milestones — and now we even have software program demise notices. This month, we lastly see the tip of Adobe Flash. If you’re an enterprise “consumer” of Flash, your efforts to disable it in your managed programs might elevate numerous prompts to uninstall the “swiss cheese” of safety (after MSXML) that will trigger some concern to customers. You can suppress these prompts with some assist from the Flash Player administrator’s information. And, please do us all a favor, irrespective of how unhealthy it will get, don’t add your organization to the area degree enable checklist. Even Adobe feels strongly about this with this quote from the Adobe Flash Player Enterprise Enablement part: “Any use of the domain-level allow list after the EOL Date is strongly discouraged, will not be supported by Adobe, and is entirely at the user’s own risk.” Ha!
Copyright © 2021 IDG Communications, Inc.