Patch Tuesday contains 6 Windows zero-day flaws; patch now!
Microsoft this month launched a big replace that fixes 68 reported vulnerabilities, together with a file six zero-days affecting the Windows platform.
RA2Studio / Getty Images
Microsoft on Tuesday launched a tightly targeted however nonetheless important replace that addresses 68 reported (some publicly) vulnerabilities. Unfortunately, this month brings a brand new file: six zero-day flaws affecting Windows. As a outcome, now we have added each the Windows and Exchange Server updates to our “Patch Now” schedule. Microsoft additionally revealed a “protection in depth” advisory (ADV220003) to assist safe Office deployments. And there are a small variety of Visual Studio, Word, and Excel updates so as to add to your customary patch launch schedule.
You can discover extra data on the dangers of deploying these Patch Tuesday updates in our infographic.
Known points
Each month, Microsoft features a checklist of recognized points that relate to the working system and platforms included on this replace cycle. There are two main reported points with Windows 11 — each associated to deploying and updating Windows 22H2 machines:
In addition to those points, Microsoft SharePoint Server has skilled two points with the November and September updates:
- Web Part Pages Web Service strategies could also be affected by the September 2022 safety replace. For extra data, see KB5017733.
- Some SharePoint 2010 workflow eventualities could also be blocked. For extra data, see KB5017760.
Major revisions
Technically talking, Microsoft revealed eight revisions this month, all for the Chromium Edge browser. In follow, these “revisions” had been customary updates to the Microsoft Edge browser and have been included in our Browser part. No different revisions to earlier patches or updates had been launched this month.
Mitigations and workarounds
A single work-around has been revealed for the November Patch Tuesday:
- CVE-2022-37976: Active Directory Certificate Services Elevation of Privilege Vulnerability. A system is susceptible provided that each the Active Directory Certificate Services position and the Active Directory Domain Services position are put in on a server within the community. Setting LegacyAuthenticationLevel – Win32 apps | Microsoft Docs to five= RPC_C_AUTHN_LEVEL_PKT_INTEGRITY may defend most processes on the machine in opposition to this assault. For extra data see the next part on Setting System-Wide Security Using DCOMCNFG.
No different mitigations or workarounds for Microsoft platforms had been launched.
Each month, the Readiness group analyzes the patches utilized to Windows, Microsoft Office, and associated expertise/improvement platforms. We have a look at every replace, the person adjustments and the potential impression on enterprise environments. These testing eventualities supply some structured steering on the way to greatest deploy Windows updates to your setting.
High Risk: This month, Microsoft didn’t report any high-risk performance adjustments, which means it has not up to date nor made main adjustments to core APIs, performance or any of the core parts or purposes included within the Windows desktop and server ecosystems.
More typically, given the broad nature of this replace (Office and Windows), we propose testing the next Windows options and parts:
- Hyper-V Update: a easy check of beginning and stopping VMs and remoted containers will suffice for this minor replace.
- Microsoft PPTP VPN: train your typical VPN eventualities (join/disconnect/restart) and attempt to simulate a disruption. Contrary to earlier suggestions, no prolonged trials are required.
- Microsoft Photo App: be certain that your RAW picture extensions work as anticipated.
- Microsoft ReFS and ExFat: a typical CRUD check (Create/Rename/Update/Delete) will suffice this month.
There had been a number of updates to how group insurance policies are carried out on Windows platforms this month. We recommend spending a while making certain that the next options are working:
- GPO coverage creation/deployment and deletion.
- Editing GPO insurance policies, with a validation examine to see whether or not these up to date insurance policies have been utilized to your complete OU.
- Ensure that each one symbolic hyperlinks are working as anticipated (redirects to consumer knowledge).
And, with all testing regimes required when making adjustments to Microsoft GPOs, bear in mind to make use of the “gpupdate /power” command to make sure that all adjustments have been dedicated to the goal system.
Who makes use of the Windows Overlay Filter Feature?
System engineers, that is who. If you’ve needed to construct consumer machines for giant automated enterprise deployments you could have to work with the Windows Overlay Filter (WoF) driver for WIM boot information. WoF permits for considerably higher compression ratios of set up information and was launched in Windows 8. If you might be in the course of a big client-side deployment effort this month, be certain that your WIM information are nonetheless accessible after the November replace. If you are in search of extra data on this key Windows deployment characteristic, try this weblog submit on WoF knowledge compression.
Unless in any other case specified, we should always assume that every Patch Tuesday replace would require testing of core printing features together with:
- printing from immediately related printers;
- massive print jobs from servers (particularly if they’re additionally area controllers);
- distant printing (utilizing RDP and VPN).
Each month, we break down the replace cycle into product households (as outlined by Microsoft) with the next primary groupings:
- Browsers (Microsoft IE and Edge);
- Microsoft Windows (each desktop and server);
- Microsoft Office;
- Microsoft Exchange Server;
- Microsoft Development platforms ( ASP.NET Core, .NET Core and Chakra Core);
- Adobe (retired???, possibly subsequent yr).
Browsers
Including final week’s mid-cycle replace to Microsoft Edge (Chromium) there are 10 updates to the Chromium core and eight patches to Edge, for a complete of 18 adjustments. For the ten Chrome updates, you’ll be able to discuss with the Chrome Security web page for extra particulars. You can discover hyperlinks to the entire Microsoft updates right here: CVE-2022-3652, CVE-2022-3653, CVE-2022-3654, CVE-2022-3655, CVE-2022-3656, CVE-2022-3657, CVE-2022-3660, CVE-2022-3661. All 18 updates are low-profile, low-impact updates to the browser stack and could be added to your customary desktop replace schedule.
Microsoft Windows
There’s good and dangerous information this month for Windows. The dangerous information is now we have six Windows zero-days with each publicly reported vulnerabilities and reported exploits within the wild. The excellent news is that solely one of many vulnerabilities (which is unbelievable) is rated crucial by Microsoft. This month’s replace covers the next Windows options:
- Windows Scripting (the Windows scripting host or object);
- Networking (significantly how HTTPS is dealt with);
- Windows Printing (the print spooler, once more);
- ODBC (the least of our worries this month).
We are seeing some reviews of issues this month with Kerberos. In response, Microsoft has supplied two Knowledge Base articles on the way to deal with the November adjustments:
- How to handle Kerberos protocol adjustments associated to CVE-2022-37967.
- How to handle the Netlogon protocol adjustments associated to CVE-2022-38023.
Given the character of those reported zero-days, and accounting for the comparatively slender change profile this month, we advocate rapid patching for all Windows techniques. Add these Windows updates to your “Patch Now” schedule — and this time we actually imply it.
Microsoft Office
Microsoft launched eight updates to the Office platform, affecting Word, Excel and SharePoint server. There had been no crucial updates this month (no preview pane vulnerabilities), with every patch rated essential by Microsoft. In addition, Microsoft launched a “Defense in Depth” advisory (ADV220003) for Office. These Microsoft advisories cowl the next enhanced safety options:
- Anti-phishing insurance policies.
- Enhanced filtering for connectors in Exchange Online.
- Priority account safety.
- Trusted ARC.
These options are value additional examination; you’ll be able to learn extra about these and different preventative safety measures right here. Add these low-impact Microsoft Office updates to your customary launch schedule.
Microsoft Exchange Server
Unfortunately, now we have Microsoft Exchange Server updates again on the roster this month. Microsoft launched 4 updates; one (CVE-2022-41080) was rated as crucial and the opposite three as essential. The crucial elevation of privilege vulnerability in Exchange has a score of CVSS 8.8 and although we do not see reported exploits, this can be a severe low-complexity community accessible concern. Exchange directors have to patch their servers this weekend. Add this to your “Patch Now” launch schedule.
Microsoft improvement platforms
Microsoft launched 4 updates, all rated essential, to its Visual Studio platform. Both the Visual Studio and Sysmon instruments are low profile, non-urgent updates to discrete Microsoft developer instruments. Add these to your common developer patch schedule.
Adobe (actually, simply Reader)
No updates from Adobe for November. Given the variety of patches launched final month, that is no shock. We may even see one other massive replace from Adobe in December, given its regular replace/launch cadence.