With this month’s Patch Tuesday update, Microsoft addressed 130 security vulnerabilities, published two advisories, and included four major CVE revisions. We also have four zero-days to manage for Windows (CVE-2023-32046, CVE-2023-32049, CVE-2023-36874 and CVE-2023-36884), bringing the Windows platform into a “patch now” schedule.
It should be easier to focus on Microsoft Office and Windows testing this month, as we do not have any Adobe, Exchange, or browser updates. Be sure to carefully review Microsoft’s Storm-0978 Threat Intelligence post, as it provides specific, actionable guidance on managing the serious HTML vulnerability in Microsoft Office (CVE-2022-38023).
The Readiness team has crafted this helpful infographic to outline the risks associated with each of the updates.
Known issues
Each month, Microsoft lists known issues that relate to the operating system and platforms included in the latest update cycle.
After installing this update on guest virtual machines (VMs) running Windows Server 2022 on some versions of VMware ESXi, Windows Server 2022 might not start up. Only Windows Server 2022 VMs with Secure Boot enabled are affected. Microsoft and VMware are investigating the problem and will offer more information when it’s available.
Using provisioning packages on Windows 11, version 22H2 might not work as expected. Windows might only be partially configured, and the out-of-box experience might not finish or might restart unexpectedly.
Major revisions
Microsoft has published two major revisions:
CVE-2022-37967: Windows Kerberos Elevation of Privilege Vulnerability (4th update). This update removes the ability to set value 1 for the KrbtgtFullPacSignature subkey and enables Enforcement mode (the default, KrbtgtFullPacSignature = 3), which an administrator can override with an explicit Audit setting. No further action is required if you apply this month’s update.
CVE-2022-38023: Netlogon RPC Elevation of Privilege Vulnerability. The (previous) April 2023 updates remove the ability to disable RPC sealing by setting value 0 to the RequireSeal registry subkey.
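One way to find hosts that still rely on the settings these two revisions retire, as an added example that is not from the article or from Microsoft: it parses collected `reg query` output and flags KrbtgtFullPacSignature = 1 and RequireSeal = 0. The host names, sample dumps and key-path placeholder are constructed, and any value the article does not describe is only marked for review.

```python
import re

# A value line in `reg query` output:  "    RequireSeal    REG_DWORD    0x1"
VALUE_LINE = re.compile(r"^\s+(\S+)\s+REG_DWORD\s+0x([0-9a-fA-F]+)\s*$")
# Only what the article states: values the updates stop accepting, and the
# enforcement value it names for KrbtgtFullPacSignature.
REMOVED = {"KrbtgtFullPacSignature": {1}, "RequireSeal": {0}}
ENFORCED = {"KrbtgtFullPacSignature": 3}
TRACKED = {name.lower(): name for name in REMOVED}  # registry names ignore case

def parse_values(text):
    """Return {canonical name: int} for tracked REG_DWORD values in one dump."""
    found = {}
    for line in text.splitlines():
        m = VALUE_LINE.match(line)
        if m and m.group(1).lower() in TRACKED:
            found[TRACKED[m.group(1).lower()]] = int(m.group(2), 16)
    return found

def classify(name, value):
    if value is None:
        return "not set"
    if value in REMOVED[name]:
        return "REMOVED: value no longer accepted once the update is applied"
    if ENFORCED.get(name) == value:
        return "enforcement"
    return "explicit override: review against Microsoft's guidance"

def audit(dumps):
    """dumps maps host -> `reg query` text; returns host -> {name: verdict}."""
    return {host: {name: classify(name, parse_values(text).get(name))
                   for name in REMOVED}
            for host, text in dumps.items()}

# Constructed sample dumps; host names and the key path are placeholders.
KEY = "HKEY_LOCAL_MACHINE\\<placeholder-key-path>\n"
SAMPLE = {
    "dc01": KEY + "    KrbtgtFullPacSignature    REG_DWORD    0x1\n"
            + KEY + "    RequireSeal    REG_DWORD    0x0\n",
    "dc02": KEY + "    KrbtgtFullPacSignature    REG_DWORD    0x3\n",
    "dc03": KEY + "    krbtgtfullpacsignature    REG_DWORD    0x2\n",
}

if __name__ == "__main__":
    for host, verdicts in audit(SAMPLE).items():
        print(host, verdicts)
```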
Mitigations and workarounds
Microsoft published the following vulnerability-related mitigations for this release:
CVE-2023-32038: Microsoft ODBC Driver Remote Code Execution Vulnerability. Microsoft notes that if you only connect to known, trusted servers, and there is no ability to reconfigure existing connections to point to another location, this vulnerability cannot be exploited.
CVE-2023-36884: Office and Windows HTML Remote Code Execution Vulnerability (one of the zero-day exploits this cycle). Microsoft notes that if you are using Microsoft Defender you’re protected. For more cynical/jaded/experienced professionals, we recommend that you (carefully) read the Threat Intelligence post (Storm-0978).
CVE-2023-35367, CVE-2023-35366 and CVE-2023-35365: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability. If you are not…
2023-07-15 16:48:02
Source from www.computerworld.com