
    Patch Tuesday includes 6 Windows zero-day flaws; patch now!

    Microsoft on Tuesday released a tightly focused but still significant update that addresses 68 reported (some publicly) vulnerabilities. Unfortunately, this month brings a new record: six zero-day flaws affecting Windows. As a result, we’ve added both the Windows and Exchange Server updates to our “Patch Now” schedule. Microsoft also published a “defense in depth” advisory (ADV220003) to help secure Office deployments. And there are a small number of Visual Studio, Word, and Excel updates to add to your standard patch release schedule.

    You can find more information on the risks of deploying these Patch Tuesday updates in our infographic.

    Known issues

    Each month, Microsoft includes a list of known issues that relate to the operating system and platforms included in this update cycle. There are two major reported issues with Windows 11, both related to deploying and updating Windows 22H2 machines:
    For users updating to Windows 22H2, the update or the Out of Box Experience might not complete successfully. Provisioning packages applied during initial setup are most likely to be affected. For more information, see Provisioning packages for Windows.
    Network transfers of large (multi-gigabyte) files might take longer than expected to finish on the latest version of Windows 11. You are more likely to experience this issue copying files to Windows 11 22H2 from a network share via Server Message Block (SMB), but local file copy might also be affected.
    In addition to these issues, Microsoft SharePoint Server has experienced two issues with the November and September updates:
    Web Part Pages Web Service methods may be affected by the September 2022 security update. For more information, see KB5017733.
    Some SharePoint 2010 workflow scenarios may be blocked. For more information, see KB5017760.

    Major revisions

    Technically speaking, Microsoft published eight revisions this month, all for the Chromium Edge browser. In practice, these “revisions” were standard updates to the Microsoft Edge browser and have been included in our Browser section. No other revisions to previous patches or updates were released this month.

    Mitigations and workarounds

    A single workaround has been published for the November Patch Tuesday:
    CVE-2022-37976: Active Directory Certificate Services Elevation of Privilege Vulnerability. A system is vulnerable only if both the Active Directory Certificate Services role and the Active Directory Domain Services role are installed on a server in the network. Setting LegacyAuthenticationLevel (see LegacyAuthenticationLevel – Win32 apps | Microsoft Docs) to 5 = RPC_C_AUTHN_LEVEL_PKT_INTEGRITY might protect most processes on the machine against this attack. For more information, see the following section on Setting System-Wide Security Using DCOMCNFG.
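
    One way to audit and apply the workaround above on a server, as an added example that is not part of the original article. It assumes an elevated PowerShell session on Windows Server and that the value lives under HKLM:\SOFTWARE\Microsoft\Ole, as Microsoft's DCOM registry documentation describes; the -Apply switch and the function name are this example's own.

```powershell
# Added example (not from the article): audit or set the DCOM machine-wide
# LegacyAuthenticationLevel value named in the CVE-2022-37976 workaround.
# Assumptions: elevated session on Windows Server; the value lives under
# HKLM:\SOFTWARE\Microsoft\Ole (per Microsoft's DCOM registry documentation).
param([switch]$Apply)   # without -Apply the script only reports

$OleKey    = 'HKLM:\SOFTWARE\Microsoft\Ole'
$ValueName = 'LegacyAuthenticationLevel'
$Required  = 5          # RPC_C_AUTHN_LEVEL_PKT_INTEGRITY

# RPC_C_AUTHN_LEVEL_* names, used only to make the report readable
$LevelNames = @{
    0 = 'DEFAULT'; 1 = 'NONE'; 2 = 'CONNECT'; 3 = 'CALL'
    4 = 'PKT';     5 = 'PKT_INTEGRITY';       6 = 'PKT_PRIVACY'
}

function Get-LegacyAuthLevel {
    $prop = Get-ItemProperty -Path $OleKey -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $prop) { return $null }    # value is absent from the registry
    return [int]$prop.$ValueName
}

# Exposure condition from the advisory: AD CS and AD DS roles both installed.
# This checks the local server only, not every server in the network.
$installed = @(Get-WindowsFeature -Name 'AD-Certificate', 'AD-Domain-Services' `
                   -ErrorAction SilentlyContinue | Where-Object { $_.Installed })

$current = Get-LegacyAuthLevel
$label   = if ($null -eq $current) { 'not set' }
           else { "$current (RPC_C_AUTHN_LEVEL_$($LevelNames[$current]))" }

[pscustomobject]@{
    Computer                  = $env:COMPUTERNAME
    InstalledRoles            = ($installed.Name -join ', ')
    BothRolesInstalled        = ($installed.Count -eq 2)
    LegacyAuthenticationLevel = $label
    # Level 6 (PKT_PRIVACY) is stricter than 5, so it is treated as compliant here.
    MeetsWorkaround           = ($null -ne $current -and $current -ge $Required)
}

if ($Apply -and ($null -eq $current -or $current -lt $Required)) {
    New-ItemProperty -Path $OleKey -Name $ValueName -Value $Required `
        -PropertyType DWord -Force | Out-Null
    Write-Output "$ValueName changed from '$label' to $Required"
}
```

    Run it without -Apply first to collect the current state, and test DCOM-dependent applications on a pilot server before changing the value more widely.
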
    No other mitigations or workarounds for Microsoft platforms were released.

    Each month, the Readiness team analyzes the patches applied to Windows, Microsoft Office, and related technology/development platforms. We look at each update, the individual changes and the potential impact on enterprise environments. These testing scenarios offer some structured guidance on how to best deploy Windows updates to your environment.

    High Risk: This month, Microsoft did not report any high-risk functionality changes, meaning it has not updated nor made major changes to core APIs, functionality or any of the core components or applications included in the Windows desktop and server ecosystems.

    More generally, given the broad nature of this update (Office and Windows), we suggest testing the following Windows features and components:
    Hyper-V Update: a simple test of starting and stopping VMs and isolated containers will suffice for this minor update.
    Microsoft PPTP VPN: exercise your typical VPN scenarios (connect/disconnect/restart) and try to simulate a disruption. Contrary to previous recommendations, no extended trials are required.
    Microsoft Photo App: ensure that your RAW image extensions work as expected.
    Microsoft ReFS and ExFat: a typical CRUD test (Create/Rename/Update/Delete) will suffice this month.
    There were several updates to how group policies are implemented on Windows platforms this month. We suggest spending some time ensuring that the following features are working:
    GPO policy creation/deployment and deletion.
    Editing GPO policies, with a validation check to see whether these updated policies have been applied to the entire OU.
    Ensure that all symbolic links are working as expected (redirects to user data).
    And, with all testing regimes required when making changes to Microsoft GPOs, remember to use the “gpupdate /force” command to ensure that all changes have been committed to the target system.

    Who uses the Windows Overlay Filter Feature?

    System engineers, that is who. If you’ve had to build client machines for large automated enterprise deployments you may have to work with the Windows Overlay Filter (WoF) driver for WIM boot files. WoF allows for significantly better compression ratios of installation files and was introduced in Windows 8. If you are in the middle of a large client-side deployment effort this month, ensure that your WIM files are still accessible after the November update. If you are looking for more information on this key Windows deployment feature, check out this blog post on WoF data compression.

    Unless otherwise specified, we should assume that each Patch Tuesday update will require testing of core printing functions including:
    printing from directly connected printers;
    large print jobs from servers (especially if they are also domain controllers);
    remote printing (using RDP and VPN).
    Each month, we break down the update cycle into product families (as defined by Microsoft) with the following basic groupings:
    Browsers (Microsoft IE and Edge);
    Microsoft Windows (both desktop and server);
    Microsoft Office;
    Microsoft Exchange Server;
    Microsoft Development platforms (ASP.NET Core, .NET Core and Chakra Core);
    Adobe (retired???, maybe next year).

    Browsers

    Including last week’s mid-cycle update to Microsoft Edge (Chromium) there are 10 updates to the Chromium core and eight patches to Edge, for a total of 18 changes. For the 10 Chrome updates, you can refer to the Chrome Security page for more details. You can find links to all of the Microsoft updates here: CVE-2022-3652, CVE-2022-3653, CVE-2022-3654, CVE-2022-3655, CVE-2022-3656, CVE-2022-3657, CVE-2022-3660, CVE-2022-3661. All 18 updates are low-profile, low-impact updates to the browser stack and can be added to your standard desktop update schedule.

    Microsoft Windows

    There’s good and bad news this month for Windows. The bad news is we have six Windows zero-days with both publicly reported vulnerabilities and reported exploits in the wild. The good news is that only one of the vulnerabilities (which is incredible) is rated critical by Microsoft. This month’s update covers the following Windows features:
    Windows Scripting (the Windows scripting host or object);
    Networking (particularly how HTTPS is handled);
    Windows Printing (the print spooler, again);
    ODBC (the least of our worries this month).
    We are seeing some reports of problems this month with Kerberos. In response, Microsoft has provided two Knowledge Base articles on how to handle the November changes:

    Given the nature of these reported zero-days, and accounting for the relatively narrow change profile this month, we recommend immediate patching for all Windows systems. Add these Windows updates to your “Patch Now” schedule, and this time we really mean it.

    Microsoft Office

    Microsoft released eight updates to the Office platform, affecting Word, Excel and SharePoint server. There were no critical updates this month (no preview pane vulnerabilities), with each patch rated important by Microsoft. In addition, Microsoft released a “Defense in Depth” advisory (ADV220003) for Office. These Microsoft advisories cover the following enhanced security features:

    These features are worth further examination; you can read more about these and other preventative security measures here. Add these low-impact Microsoft Office updates to your standard release schedule.

    Microsoft Exchange Server

    Unfortunately, we have Microsoft Exchange Server updates back on the roster this month. Microsoft released four updates; one (CVE-2022-41080) was rated as critical and the other three as important. The critical elevation of privilege vulnerability in Exchange has a rating of CVSS 8.8 and though we do not see reported exploits, it is a serious low-complexity network accessible issue. Exchange administrators need to patch their servers this weekend. Add this to your “Patch Now” release schedule.

    Microsoft development platforms

    Microsoft released four updates, all rated important, to its Visual Studio platform. Both the Visual Studio and Sysmon tools are low profile, non-urgent updates to discrete Microsoft developer tools. Add these to your regular developer patch schedule.

    Adobe (really, just Reader)

    No updates from Adobe for November. Given the number of patches released last month, this is no surprise. We may see another big update from Adobe in December, given its normal update/release cadence.

    Copyright © 2022 IDG Communications, Inc.
