Patch Tuesday: Microsoft rolls out 90 updates for Home windows, Workplace | Digital Noch

Patch Tuesday: Microsoft rolls out 90 updates for Home windows, Workplace | Digital Noch

With its August Patch Tuesday launch, Microsoft pushed out 90 updates for the Home windows and Workplace platforms. The newest fixes embody  one other replace for Microsoft Alternate (together with with a warning about failed updates to Alternate Server 2016 and 2019) and a “Patch Now” advice from us for Workplace.

The staff at Utility Readiness has crafted this handy infographic outlining the dangers related to every of the updates for this month.

Recognized points

Every month, Microsoft features a checklist of recognized points affecting the most recent replace cycle. For August, they embody:

  • After putting in this replace on visitor digital machines (VMs) operating Home windows Server 2022 on some variations of VMware ESXi, Home windows Server 2022 may not begin up. Microsoft and VMware are each investigating the difficulty.
  • Provisioning packages on Home windows 11 model 22H2 (additionally referred to as Home windows 11 2022 Replace) may not work as anticipated. Home windows may solely be partially configured, and the out-of-box expertise may not end or may restart unexpectedly. Provisioning the Home windows gadget earlier than upgrading to Home windows 11 model 22H2 ought to forestall the difficulty.

Sadly for these nonetheless utilizing Home windows Server 2008 ESU, this month’s replace may fail fully with the message, “Failure to configure Home windows updates. Reverting Adjustments. Don’t flip off your pc.” Microsoft affords some recommendation on ESU updates, however you may discover you must wait a short while earlier than you are capable of efficiently replace legacy Alternate servers. Sorry about that.

Main revisions

Microsoft has revealed these main revisions masking:

  • ADV190023: Microsoft Steerage for Enabling LDAP Channel Binding and LDAP Signing. This newest replace provides the potential to allow CBT occasions 3074 & 3075 with occasion supply **Microsoft-Home windows-ActiveDirectory_DomainService** within the Listing Service occasion log.
  • ADV230001: Steerage on Microsoft Signed Drivers Being Used Maliciously. Microsoft has introduced that the Aug. 8  Home windows Safety updates (see Safety Updates desk) add extra untrusted drivers and driver signing certificates to the Home windows Driver.STL revocation checklist.
  • CVE-2023-29360: Microsoft Streaming Service Elevation of Privilege Vulnerability. Microsoft has corrected CVE titles and up to date a number of CVSS scores for the affected merchandise.
  • CVE-2023-35389: Microsoft Dynamics 365 On-Premises Distant Code Execution Vulnerability. On this newest replace, Microsoft eliminated Microsoft Dynamics 365 (on-premises) model 9.1, as it isn’t affected by the vulnerability. That is an informational change solely. No additional motion required.

Mitigations and workarounds

Microsoft revealed the next vulnerability-related mitigations for this launch cycle:

  • CVE-2023-35385: Microsoft Message Queuing Distant Code Execution Vulnerability. The Home windows message queuing service, which is a Home windows element, must be enabled for a system to be exploitable by this vulnerability. Examine to see whether or not there’s a service operating named Message Queuing and TCP port 1801 is listening on the machine.
  • CVE-2023-36882: Microsoft WDAC OLE DB supplier for SQL Server Distant Code Execution Vulnerability. Microsoft affords the next mitigation recommendation for this critical vulnerability: “In case your setting solely connects to recognized, trusted servers and there’s no means to reconfigure present connections to level to a different location (for instance you utilize TLS encryption with certificates validation), the vulnerability can’t be exploited.”

Testing steering 

Every month, the Readiness staff analyzes the most recent Patch Tuesday updates and offers detailed, actionable testing steering. This steering is predicated on assessing a big utility portfolio and an in depth evaluation of the patches and their potential impression on the Home windows platforms and app installations.

Given the numerous variety of modifications included this month, I’ve damaged down the testing situations into high-risk and standard-risk teams:

Excessive danger

As all of the high-risk modifications have an effect on the Microsoft Home windows core kernel and inside messaging subsystem (although we’ve got not seen any revealed performance modifications), we strongly advocate the next centered testing:

  • There have been a variety of vital updates to the Microsoft Message Queue (MSMQ). This may have an effect on servers that depend on triggers, routing providers, and multicasting help. Our expectation is that internally developed line-of-business consumer/server purposes are almost certainly to be affected and due to this fact want elevated consideration and testing this month.

Normal danger

  • Home windows error reporting has been up to date, so you’ll need to do a “CRUD” take a look at in your Home windows Widespread Log File System (CLFS) logs.
  • A gaggle coverage refresh needs to be included on this testing cycle attributable to modifications within the NT person coverage (each person and machine) information. As a result of API modifications on this characteristic, you may also need to test file paths in your resultant log information.
  • Microsoft’s Crypto (CNG) APIs have been up to date, so good card installations would require testing.
  • ODBC purposes would require testing once more this month attributable to an replace to the SQLOLEDB libraries.

And this is one for Home windows centered IT directors: Microsoft has up to date the WinSAT API. This software is described by Microsoft:

The Home windows System Evaluation Instrument (WinSAT) exposes a variety of lessons that assess the efficiency traits and capabilities of a pc. Builders can use this API to develop software program that may entry the efficiency and functionality info of a pc to find out the optimum utility settings primarily based on that pc’s efficiency capabilities.”

All these situations would require vital application-level testing earlier than normal deployment. Along with these particular testing necessities, we advise a normal take a look at of the next printing options:

  • Replace all of your print servers and validate that the printer administration software program behaves as anticipated whereas operating print jobs.
  • Uninstall any print administration software program after an replace to make sure that your server continues to be operating as anticipated.
  • Take a look at all printer producer sorts, utilizing each native and distant printer exams.

Automated testing will assist with these situations (particularly a testing platform that provides a “delta” or comparability between builds). Nevertheless, in your line-of-business purposes, getting the app proprietor (doing UAT) to check and approve the outcomes is completely important.

Every month, we break down the replace cycle into product households (as outlined by Microsoft) with the next primary groupings:

  • Browsers (Microsoft IE and Edge);
  • Microsoft Home windows (each desktop and server);
  • Microsoft Workplace;
  • Microsoft Alternate Server;
  • Microsoft Growth platforms (ASP.NET Core, .NET Core and Chakra Core);
  • Adobe (nonetheless right here, however with one other A).

Browsers

Persevering with a welcome development, Microsoft launched 11 updates to its Chromium browser initiatives (Edge) and no patches to its legacy browsers. You may learn extra about Microsoft Edge launch notes right here, noting that Chrome/Edge updates have been launched on Monday (Aug. 7) not the same old “Patch Tuesday.”

Add these browser updates to your normal patch launch schedule.

Home windows

Microsoft launched three crucial updates, 32 rated as necessary and one rated as average. All (three) of the crucial updates to the Home windows platform relate to the Home windows Message Queuing (MSMQ). Although these crucial updates have a ranking of 9.8 (that is fairly excessive), they haven’t been publicly disclosed or reported as exploited. Not each group will make use of the MSMQ characteristic, so for many groups, the testing profile needs to be fairly gentle. Add these Home windows updates to your normal launch schedule.

Microsoft Workplace

Microsoft has launched three crucial updates to Microsoft Outlook (CVE-2023-36895, CVE-2023-29330 and CVE-2023-29328) that require rapid consideration. Along with these patches, Microsoft has launched 11 updates rated as necessary and one rated as average. These 12 updates have an effect on Microsoft Workplace usually and Visio. Add these Workplace updates to your “Patch Now” launch schedule.

Microsoft Alternate Server

Earlier than you do something, do not replace your non-English Microsoft Alternate Servers (2019 and 2016). This month’s replace will fail mid-way by and depart your server in an “undetermined state.” Now that this has (not) been finished, you’ll be able to attend to the six Alternate updates (all rated as necessary) for this month. No crucial updates confirmed up, so take your time. Word: all these August patches would require a server reboot. Add these updates to your normal launch schedule. 

Microsoft improvement platforms

Microsoft has launched eight updates to the Microsoft .NET and ASP.NET platforms this month. These patches have been rated as necessary and needs to be included in your normal developer launch schedule.

Adobe Reader (nonetheless right here, however with one other A)

Adobe is again. And we’ve got one other “A” to fret about (kinda bizarre, huh?). APSB23-30 from Adobe patches a crucial vulnerability in Adobe Reader — add it to your “Patch Now” schedule. And the opposite “A”? Following the current development of supporting third-party patches within the Microsoft replace launch cycle (keep in mind the Autodesk replace in June?), Microsoft has launched CVE-2023-20569; it is said to an AMD memory-related vulnerability. You may learn extra about this on the AMD website right here

Patching? Positive. 

Testing? Unsure.

Copyright © 2023 IDG Communications, Inc.

#Patch #Tuesday #Microsoft #rolls #updates #Home windows #Workplace

Related articles

spot_img

Leave a reply

Please enter your comment!
Please enter your name here