With its August Patch Tuesday release, Microsoft pushed out 90 updates for the Windows and Office platforms. The latest fixes include another update for Microsoft Exchange (along with with a warning about failed updates to Exchange Server 2016 and 2019) and a “Patch Now” recommendation from us for Office.
The team at Application Readiness has crafted this useful infographic outlining the risks associated with each of the updates for this month.
Known issues
Each month, Microsoft includes a list of known issues affecting the latest update cycle. For August, they include:
After installing this update on guest virtual machines (VMs) running Windows Server 2022 on some versions of VMware ESXi, Windows Server 2022 might not start up. Microsoft and VMware are both investigating the issue.
Provisioning packages on Windows 11 version 22H2 (also called Windows 11 2022 Update) might not work as expected. Windows might only be partially configured, and the out-of-box experience might not finish or might restart unexpectedly. Provisioning the Windows device before upgrading to Windows 11 version 22H2 should prevent the issue.
Unfortunately for those still using Windows Server 2008 ESU, this month’s update might fail completely with the message, “Failure to configure Windows updates. Reverting Changes. Do not turn off your computer.” Microsoft offers some advice on ESU updates, but you might find you have to wait a little while before you’re able to successfully update legacy Exchange servers. Sorry about that.
Major revisions
Microsoft has published these major revisions covering:
ADV190023: Microsoft Guidance for Enabling LDAP Channel Binding and LDAP Signing. This latest update adds the capability to enable CBT events 3074 & 3075 with event source **Microsoft-Windows-ActiveDirectory_DomainService** in the Directory Service event log.
ADV230001: Guidance on Microsoft Signed Drivers Being Used Maliciously. Microsoft has announced that the Aug. 8 Windows Security updates (see Security Updates table) add additional untrusted drivers and driver signing certificates to the Windows Driver.STL revocation list.
CVE-2023-29360: Microsoft Streaming Service Elevation of Privilege Vulnerability. Microsoft has corrected CVE titles and updated one or more CVSS scores for the affected products.
CVE-2023-35389: Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability. In this latest update, Microsoft removed Microsoft Dynamics 365 (on-premises) version 9.1, as it is not affected by the vulnerability. This is an informational change only. No further action required.
Mitigations and workarounds
Microsoft published the following vulnerability-related mitigations for this release cycle:
CVE-2023-35385: Microsoft Message Queuing Remote Code Execution Vulnerability. The Windows message queuing service, which is a Windows component, needs to be enabled for a system to be exploitable by this vulnerability. Check to see…
2023-08-11 16:00:04
Source from www.computerworld.com rnrn