      Patch now to address a Windows zero-day

      Microsoft has addressed 97 existing vulnerabilities this April Patch Tuesday, with a further eight previously released patches updated and re-released. There have been reports of a vulnerability (CVE-2023-28252) exploited in the wild, making this a “Patch Now” release.

      This update cycle affects Windows desktops, Microsoft Office, and Adobe Reader. There are no updates for Microsoft Exchange this month. The team at Application Readiness has provided a helpful infographic that outlines the risks associated with each of the updates for this April update cycle.

      Known issues

      Each month, Microsoft includes a list of known issues that relate to the operating system and platforms included in this update cycle.
      Windows 11 22H2: After installing this or later updates, Windows devices with some third-party UI customization apps won’t start up. Microsoft is currently investigating this issue.
      Updates released February 14, 2023 or later won’t be offered from some Windows Server Update Services (WSUS) servers to Windows 11, version 22H2. The updates will download to the WSUS server but won’t propagate further to client devices. Microsoft is working on this issue. An update is expected soon.
      And for those gaming cowboys out there, it appears that Red Dead Redemption 2 is dead on arrival, at least for this April update. For those IT administrators who copy large files on Windows 11 systems (we know who you are), you are just going to have to wait (a little longer), as there’s still a buffering problem for multigigabit network transfers on Microsoft’s latest desktop OS.

      Major revisions

      This month Microsoft has published several major revisions for earlier updates, including:
      CVE-2023-28260: .NET DLL Hijacking Remote Code Execution Vulnerability. This security patch has been updated to support PowerShell 7.2/7.3.
      CVE-2023-21722, CVE-2023-21808: .NET Framework Denial of Service Vulnerability. Microsoft has re-released KB5022498 to address a known issue where customers who installed the .NET Framework 4.8 February cumulative update (KB5022502), then upgraded to .NET Framework 4.8.1 and subsequently scanned for updates, were unable to install KB5022498. Customers who were unable to install KB5022498 should rescan for updates and install the update. Customers who have already successfully installed KB5022498 don’t need to take any further action.
      CVE-2023-23413, CVE-2023-24867, CVE-2023-24907, CVE-2023-24909: Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability. The following changes have been made to this CVE report’s description: 1) Added FAQ to explain how an attacker could exploit this Remote Code Execution vulnerability. 2) Removed incorrect CVSS metric FAQs. These are informational changes only.
      CVE-2023-28303: Windows Snipping Tool Information Disclosure Vulnerability. Added an FAQ to explain how to get the update from the Microsoft Store if automatic updates for the store are disabled. This is an informational change only.

      Mitigations and workarounds

      Microsoft has published the following vulnerability-related mitigations for this month’s April Patch Tuesday release cycle:
      CVE-2023-23397: To mitigate against this Microsoft Outlook elevation of privilege vulnerability, Microsoft recommends, “Administrators should add users to the Protected Users Security Group, which prevents the use of NTLM as an authentication mechanism. Performing this mitigation makes troubleshooting easier than other methods of disabling NTLM.” The Readiness team recommends that TCP port 445 (outbound) is blocked until this vulnerability is addressed by an official Microsoft patch.

      Testing guidance

      Each month, the team at Readiness analyzes the latest Patch Tuesday updates from Microsoft and provides detailed, actionable testing guidance. This guidance is based on assessing a large application portfolio and a detailed analysis of the Microsoft patches and their potential impact on Windows desktop platforms and application installations.

      Given the large number of changes included in this April patch cycle, I’ve broken down the testing scenarios into standard and high-risk profiles.
      Test your network connectivity (use the web and Teams) with a VPN and dial-up (PPPoE and SSTP).
      Test your Bluetooth connections. Just for fun, try printing from Bluetooth. OK, that is not funny.
      When testing your VPN and IKEv2 and L2TP, ensure that the testing profile includes a connectivity check.
      Test sound/audio over RDP desktop sessions.

      High risk

      Microsoft has made some significant changes to how the SQLOLEDB component functions. SQLOLEDB is a core Microsoft component that handles SQL to OLE API calls. This is not the first time that this key data-focused component has been patched by Microsoft, with a major update just last September. The Assessment team at Readiness highly recommends an application portfolio scan for all applications (and their dependencies) that include references to the Microsoft library SQLOLEDB.DLL. Scanning application packages for ODBC references will raise a lot of “noise” and so the library dependency check is preferred in this instance. Once done, database connectivity tests should be performed, and we suspect (most importantly) that these tests should be done over a VPN or a less stable internet connection.

      All these (both standard and high-risk) scenarios will require significant application-level testing before a general deployment of this month’s update. In addition to the SQL connectivity testing requirements, we also suggest the following “smoke” tests for your systems:
      Test the Windows on-screen keyboard (OSK).
      Test booting your Windows desktop systems from a RAM disk.
      Test the Windows logging system (CLFS) with a create/read/update/delete (CRUD) test.
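
      One way to run the SQLOLEDB.DLL reference check recommended in the high-risk guidance above, as an added example (not code from the article or from Readiness): it walks a directory of application packages and reports files that name the library in 8-bit or UTF-16LE text. The extension list, function names and sample files are assumptions constructed for illustration.

```python
import tempfile
from pathlib import Path

# The library name as 8-bit text and as UTF-16LE (wide strings in binaries).
NEEDLES = {"ascii": b"sqloledb", "utf-16le": "sqloledb".encode("utf-16-le")}
# Assumption: file types worth opening inside an application package.
SCAN_EXTS = {".exe", ".dll", ".ocx", ".config", ".ini", ".udl", ".vbs", ".xml"}
CHUNK = 1 << 20
OVERLAP = max(len(n) for n in NEEDLES.values()) - 1

def file_references(path):
    """Return the encodings in which the library name occurs in one file."""
    found, tail = set(), b""
    with open(path, "rb") as fh:
        while block := fh.read(CHUNK):
            window = (tail + block).lower()  # bytes.lower() folds ASCII only
            found.update(k for k, n in NEEDLES.items() if n in window)
            tail = window[-OVERLAP:]  # catch a match split across two reads
    return sorted(found)

def scan_portfolio(root):
    """Map package-relative path -> encodings found, for files under root."""
    hits = {}
    for path in Path(root).rglob("*"):
        # The provider DLL itself is not a dependent application.
        if not path.is_file() or path.name.lower() == "sqloledb.dll":
            continue
        if path.suffix.lower() in SCAN_EXTS and (refs := file_references(path)):
            hits[path.relative_to(root).as_posix()] = refs
    return hits

def demo():
    """Scan constructed sample packages (not real applications)."""
    samples = {
        "billing/app.exe": b"MZ\x90\x00" + "Provider=SQLOLEDB;".encode("utf-16-le"),
        "billing/app.exe.config": b'<add connectionString="Provider=sqloledb.1"/>',
        "reports/report.ini": b"[db]\nDSN=Sales\nDriver=ODBC Driver 17\n",
        "reports/notes.txt": b"sqloledb mentioned in documentation only",
        "shared/sqloledb.dll": b"MZ sqloledb",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, data in samples.items():
            target = Path(root, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(data)
        return scan_portfolio(root)

if __name__ == "__main__":
    print(demo())
```

      Files flagged this way are the candidates for the database connectivity tests; a name match is a lead for review, not proof that the application loads the library at run time.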
      We also have to consider the latest update for Adobe Reader this month, so please include a printing test in your deployment effort.

      Updates by product family

      Each month, we break down the update cycle into product families (as defined by Microsoft) with the following basic groupings:
      Browsers (Microsoft IE and Edge)
      Microsoft Windows (both desktop and server)
      Microsoft Office
      Microsoft Exchange Server
      Microsoft Development platforms (ASP.NET Core, .NET Core and Chakra Core)
      Adobe (retired???, maybe next year)

      Browsers

      This April patch cycle sees the return of patches to the Microsoft Edge browser platform with just three updates (CVE-2023-28284, CVE-2023-24935, and CVE-2023-28301), all rated as low by Microsoft. In addition, Microsoft has published 14 Chromium Edge browser updates, which should have minimal deployment risks. Add these updates to your standard patch release schedule.

      If you have the time, there is a great post from the Chromium project team on how they are improving the performance of all Chromium browsers.

      Windows

      This April, Microsoft released seven critical updates and 71 patches rated as Important to the Windows platform that cover the following key components (for the critical updates):
      Microsoft Message Queuing
      Windows Layer 2 Tunneling Protocol
      Windows DHCP Server
      Unfortunately, this month there have been reports of a vulnerability (CVE-2023-28252) exploited in the wild, adding to our zero-day count. Add this update to your “Patch Now” release schedule.

      Microsoft Office

      No critical updates for the Microsoft Office product group this month. Microsoft has provided 5 updates rated as Important to Microsoft Publisher and SharePoint addressing spoofing and remote code execution security vulnerabilities. Add these Office updates to your standard release schedule.

      Microsoft Exchange Server

      It’s said that April is the cruellest month, but I’m not so sure, as there are no updates from Microsoft for the Microsoft Exchange Server product group this month. This should put some spring in your step.

      Microsoft development platforms

      Microsoft has released just six updates to Visual Studio and .NET (6.X/7.x) for this April patch cycle. These patches address vulnerabilities with low or important ratings by Microsoft and therefore can be added to your standard developer release schedule.

      Adobe Reader (the cat has come back)

      We have Adobe Reader updates for this April update cycle. I really thought that we were done with Reader updates, but here we are with a Priority 3 (the lowest rating from Adobe) update (APSB 23-24) that affects all versions of Adobe Reader and addresses several memory leak security vulnerabilities. Add this update to your standard third-party application deployment effort.

      Copyright © 2023 IDG Communications, Inc.
