
    Three zero-days require urgent attention for Windows, Exchange

    Microsoft’s February Patch Tuesday update deals with 76 vulnerabilities that affect Windows, Exchange, Office, and Microsoft development tools — and three Windows vulnerabilities (CVE-2023-21823, CVE-2023-21715 and CVE-2023-23376) have been reported as exploited in the wild and require immediate attention.

    Though it gets a lower rating from Microsoft, the Exchange issues also warrant a fast response. Meanwhile, the Microsoft Office and development platform updates can be added to your regular release schedule.

    The team at Readiness has provided this infographic that outlines the risks associated with each of this month’s updates.

    Known issues

    Microsoft includes a list of known issues that relate to the operating system and platforms in the latest updates:
    XPS documents that use structural or semantic elements like table structure, storyboards, or hyperlinks may not display correctly in WPF-based readers. To address this issue, Microsoft provided a PowerShell script where you can run the command: .\kb5022083-compat.ps1 -Install. This command adds the following registry key: "HKLM\SOFTWARE\Microsoft\.NETFramework\Windows Presentation Foundation\XPSAllowedTypes" /v "DisableDec2022Patch" /t REG_SZ /d "*" /reg:64
    Copying large multiple-gigabyte files might take longer than expected to finish in Windows 11 version 22H2. You are more likely to experience this issue copying files from a network share via Server Message Block (SMB), but local file copy might also be affected.
    If you are still using Microsoft’s Windows Server 2012 for domain authentication, you may experience the following known issue: domain join operations might be unsuccessful and error “0xaac (2732): NERR_AccountReuseBlockedByPolicy” occurs. Additionally, text stating, “An account with the same name exists in Active Directory. Re-using the account was blocked by security policy” might be displayed. Microsoft has provided additional guidance (KB5020276) on managing this issue as part of the ESU program.

    Major revisions

    Microsoft published three major revisions this month:
    CVE-2023-21705 and CVE-2023-21713: Microsoft SQL Server Remote Code Execution Vulnerability. These revisions extend support for legacy (ESU) SQL products. No further action required.
    CVE-2023-21721: Microsoft OneNote Elevation of Privilege Vulnerability. This is a minor informational change — no action necessary.

    Mitigations and workarounds

    Microsoft has published the following vulnerability-related mitigations for this release:
    CVE-2023-21804: Windows Graphics Component Elevation of Privilege Vulnerability. Only Windows computers that have the XPS Document Writer feature installed are vulnerable. In Windows 10, the XPS Document Writer is installed by default; in Windows 11, it is not.
    CVE-2023-21803: Windows iSCSI Discovery Service Remote Code Execution Vulnerability. By default, the iSCSI Initiator client application is disabled and cannot be exploited. For a system to be vulnerable, the iSCSI Initiator client application would need to be enabled.
    CVE-2023-21713, CVE-2023-21705: Microsoft SQL Server Remote Code Execution Vulnerability. This is only exploitable if this optional feature is enabled and running on a SQL instance. (The feature is not available in Azure SQL instances.)
    CVE-2023-21692, CVE-2023-21690 and CVE-2023-21689: Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution. PEAP is only negotiated with the client if NPS is running on the Windows Server and has a network policy configured that allows PEAP. Learn more about configuring Microsoft PEAP here.
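
The exposure conditions in the mitigation list above, and the XPS compatibility registry value from the known issues, can be checked per host. The following is an added example, not code from Microsoft or Readiness; the function names are hypothetical, and the optional-feature name and the service names (MSiSCSI for the iSCSI Initiator, IAS for NPS) are assumptions about a standard Windows installation.

```powershell
# Added example: per-host audit of the exposure conditions named in this article.
# Run from an elevated 64-bit PowerShell session on the host being checked.

function Get-ServiceState {
    param([Parameter(Mandatory)][string]$Name)
    $svc = Get-Service -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $svc) { return 'NotInstalled' }
    return '{0}/{1}' -f $svc.Status, $svc.StartType
}

function Get-XpsWriterState {
    # Assumption: 'Printing-XPSServices-Features' is the XPS Document Writer
    # optional-feature name on Windows 10/11 client editions.
    try {
        $f = Get-WindowsOptionalFeature -Online `
            -FeatureName 'Printing-XPSServices-Features' -ErrorAction Stop
        if ($null -eq $f) { return 'Unknown' }
        return [string]$f.State
    } catch {
        return 'Unknown'   # not elevated, or feature name not present on this SKU
    }
}

function Test-XpsCompatOverride {
    # Value written by kb5022083-compat.ps1 -Install (64-bit registry view).
    # If present, the December 2022 XPS behaviour change is switched off here.
    $key  = 'HKLM:\SOFTWARE\Microsoft\.NETFramework\Windows Presentation Foundation\XPSAllowedTypes'
    $item = Get-ItemProperty -Path $key -Name 'DisableDec2022Patch' -ErrorAction SilentlyContinue
    $present = ($null -ne $item) -and -not [string]::IsNullOrEmpty($item.DisableDec2022Patch)
    return $present
}

# One row per host; collect with your remoting or inventory tooling.
[pscustomobject]@{
    Computer           = $env:COMPUTERNAME
    XpsDocumentWriter  = Get-XpsWriterState          # CVE-2023-21804 precondition
    IscsiInitiatorSvc  = Get-ServiceState 'MSiSCSI'  # CVE-2023-21803 precondition
    # NPS running is necessary but not sufficient: a network policy must also allow PEAP.
    NpsService         = Get-ServiceState 'IAS'      # CVE-2023-21689/21690/21692
    XpsCompatOverride  = Test-XpsCompatOverride      # workaround left in place?
}
```

A host reporting `XpsCompatOverride = True` still carries the compatibility workaround and should be tracked until the override is removed.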
    Testing guidance

    Each month, the team at Readiness analyses the latest Patch Tuesday updates and provides detailed, actionable testing guidance. This is based on assessing a large application portfolio and a detailed analysis of the Microsoft patches and their potential impact on Windows and application installations. Given the large number of changes included this month, I’ve broken down the testing scenarios into high-risk and standard-risk groups:

    High Risk

    As all the high-risk changes affect the Windows printing subsystem again this month, we have not seen any published functionality changes. We strongly recommend the following printing focused testing:
    The Microsoft “MS Publisher Imagesetter” has been updated significantly. These are built-in drivers that are now over a decade old. There have been reports of bad printing quality from using these drivers, so an update was definitely needed.
    Test printing using V3 printer drivers with both color and black/white. Check for missing content.
    There’s been an update to how Windows handles URLs, specifically when printing. A quick run-through of opening web pages that reference Microsoft Word, PowerPoint, and Excel and then exercising a simple print job should highlight any issues.
    All these scenarios will require significant application-level testing before a general deployment of the update. In addition, we suggest a general test of the following printing features:
    32-bit applications that require printing on 64-bit devices require testing. Pay attention to application exit as this may generate memory related errors.
    Test your backup systems and ensure that your error and related system logs appear correct.
    Test your VPN connections if you are using the PEAP protocol. This protocol changes frequently; we recommend that you subscribe to the Microsoft RSS feed for future changes.
    Test your ODBC connections, database, and SQL commands.
    Though you won’t need to conduct large file transfer testing this month, we highly recommend testing (very) long UNC paths from different machines. Our focus was on network paths accessing multiple machines across different versions of Windows. In addition to these scenarios, Microsoft updated the system kernel and core graphics components (GDI). Definitely “smoke test” your core or line-of-business apps and pay attention to graphics-intensive applications.

    Given the rapid changes and frequent updates to applications (and their dependencies) in a modern application portfolio, ensure that your systems are “cleanly” uninstalling previous application versions. Leaving legacy applications or remnant components might expose your system to patched vulnerabilities.

    Windows lifecycle update

    This section contains important changes to servicing (and most security updates) to Windows desktop and server platforms. With Windows 10 21H2 now out of mainstream support, the following Microsoft applications will reach end of mainstream support or servicing in 2023:
    Visio Services in SharePoint (in Microsoft 365) — Feb. 10, 2023 (retired);
    Microsoft Endpoint Configuration Manager, Version 2107 — Feb 2, 2023 (end of service).

    Each month, we break down the update cycle into product families (as defined by Microsoft) with the following basic groupings:
    Browsers (Microsoft IE and Edge).
    Microsoft Windows (each desktop and server).
    Microsoft Office.
    Microsoft Exchange Server.
    Microsoft Development platforms (ASP.NET Core, .NET Core and Chakra Core).
    Adobe (retired???, maybe next year).

    Browsers

    Microsoft released three updates to its (Chromium) Edge browser: CVE-2023-21794, CVE-2023-23374 and CVE-2023-21720. You can find Microsoft’s version of these release notes here and the Google Desktop channel release notes here. There have been no other updates to Microsoft browsers (or rendering engines) this month. Add these updates to your standard patch release schedule.

    Windows

    Microsoft released four critical updates and 32 “important” patches to the Windows platform that cover the following key components:
    Microsoft PostScript Printer Driver (with updates to FAX and SCAN);
    Windows ODBC, OLE, WDAC Driver;
    Windows Common Log File System Driver;
    and Windows Cryptographic Services and Kerberos.
    While the Microsoft PEAP authentication remote code vulnerabilities (CVE-2023-21689 and CVE-2023-21690) are the most worrisome, the remaining updates that only affect Windows are not as dangerous as we have seen in the past. Unfortunately, three Windows vulnerabilities (CVE-2023-21823, CVE-2023-21715 and CVE-2023-23376) have been reported as exploited in the wild. As a result, add this update to your “Patch Now” release schedule.

    Microsoft Office

    Microsoft released a patch addressing a critical vulnerability (CVE-2023-21706) in Microsoft Word that could lead to remote code execution. There are five other updates for the Office platform (including SharePoint), all rated important. We have not had any reports of exploits in the wild for the critical Word issue, so we recommend that you add these Office updates to your standard-release schedule.

    Microsoft Exchange Server

    We are going to have to break some rules this month. Microsoft has released four patches to Microsoft Exchange Server (CVE-2023-21706, CVE-2023-21707, CVE-2023-21529, CVE-2023-21710), all of which are rated important. Unfortunately, CVE-2023-21529 could lead to remote code execution and really could be classed as a critical vulnerability.

    This vulnerability does not require user interaction, is accessible via remote systems and does not require local privileges on the local system. All supported versions of Exchange are vulnerable. We are seeing reports of Exchange crypto-mining attacks already. We are going to add CVE-2023-21529 to our “Patch Now” schedule.

    Microsoft development platforms

    Microsoft released three critical updates affecting Visual Studio and .NET (CVE-2023-21808, CVE-2023-21815 and CVE-2023-23381) that could lead to arbitrary code execution. On initial examination, it appears that these were remotely accessible, significantly raising the risks, but these developer-related vulnerabilities all require local access. Coupled with five other elevation of privilege vulnerabilities also affecting Microsoft Visual Studio (all rated important) as well, we do not see an urgent patch requirement. Add these updates to your standard developer release schedule.

    Adobe Reader (still here, but just not this month)

    No updates from Adobe for Reader or Acrobat this month. That said, Adobe has released a number of security updates for its other products with APSB23-02. I think that we have enough printing and some Microsoft XPS issues to test and deploy to keep us busy.

    Copyright © 2023 IDG Communications, Inc.
