Microsoft’s December Patch Tuesday update delivers 59 fixes, including two zero-days (CVE-2022-44698 and CVE-2022-44710) that require immediate attention on the Windows platform. This is a network-centric (TCP/IP and RDP) update that will require significant testing, with an emphasis on ODBC connections, Hyper-V systems, Kerberos authentication, and printing (both local and remote).
Microsoft has also released an urgent out-of-band update (CVE-2022-37966) to address serious Kerberos authentication issues. (The Readiness team has provided a helpful infographic outlining the risks associated with each of these updates.)
And Windows Hot-Patching for Azure Virtual Machines (VMs) is now available.
Known issues
Each month, Microsoft includes a list of known issues related to the operating system and platforms included in this update cycle.
- ODBC: After installing the December update, applications that use ODBC connections through the Microsoft ODBC SQL Server driver (sqlsrv32.dll) to access databases might fail to connect. You might receive the following error message: “EMS system encountered a problem. Message: [Microsoft][ODBC SQL Server Driver] Unknown token received from SQL Server.”
- RDP and Remote Access: After installing this or later updates on Windows desktop systems, you might not be able to reconnect to (Microsoft) Direct Access after temporarily losing network connectivity or switching between Wi-Fi networks or access points.
- Hyper-V: After installing this update on Hyper-V hosts managed by System Center Virtual Machine Manager (VMM) configured with SDN, you might receive an error in workflows that involve creating a new network adapter (also called a network interface card or NIC) attached to a VM network or a new virtual machine (VM).
- Active Directory: Due to additional security requirements in addressing the vulnerabilities in CVE-2022-38042, new security checks are implemented on domain netjoin requests. These additional checks might result in the following error message: “Error 0xaac (2732): NERR_AccountReuseBlockedByPolicy: An account with the same name exists in Active Directory. Re-using the account was blocked by security policy.”
In preparation for this month’s update to Windows 10 and 11 systems, we recommend running an assessment of all application packages and looking for a dependency on the SQLSRV32.DLL system file. If you need to check a specific system, open a command prompt and run the command “tasklist /m sqlsrv32.dll”. This should list all the processes that depend on this file.
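The check described above, extended to a per-host inventory as an added example that is not from the original article: it wraps the `tasklist` command and also lists ODBC DSNs bound to the legacy driver, because `tasklist` only sees processes that are running at that moment. It assumes the `Get-OdbcDsn` cmdlet (Wdac module, Windows 8 / Server 2012 and later) and that the driver is registered under its usual name, `SQL Server`.

```powershell
# Added example (not from the original article): find dependencies on the legacy
# Microsoft ODBC SQL Server driver before deploying the December update.
$dll        = 'sqlsrv32.dll'
$driverName = 'SQL Server'   # assumed: usual registered name of the sqlsrv32.dll driver

# 1. Running processes that have the DLL loaded, using the article's tasklist command.
#    CSV output with our own headers avoids depending on localized column names.
$running = @(
    tasklist /m $dll /fo csv 2>$null |
        Where-Object { $_ -like '"*' } |                  # drop "INFO: No tasks ..." text
        ConvertFrom-Csv -Header Image, ProcId, Modules |
        Select-Object -Skip 1 |                           # skip tasklist's own header row
        ForEach-Object {
            [pscustomobject]@{ Source = 'Process'; Name = $_.Image; Detail = "PID $($_.ProcId)" }
        }
)

# 2. Configured DSNs that point at the driver. These catch applications that are
#    installed but not running, which tasklist cannot see. User DSNs are listed
#    only for the account running the script.
$dsns = @(
    Get-OdbcDsn -ErrorAction SilentlyContinue |
        Where-Object { $_.DriverName -eq $driverName } |
        ForEach-Object {
            [pscustomobject]@{ Source = 'DSN'; Name = $_.Name; Detail = "$($_.DsnType), $($_.Platform)" }
        }
)

$findings = $running + $dsns
if ($findings.Count -eq 0) {
    Write-Output "No running process or DSN on $env:COMPUTERNAME references $dll."
} else {
    $findings | Sort-Object Source, Name | Format-Table -AutoSize
}
```

Applications that build a DSN-less connection string naming the driver will only show up in the process list while they are connected, so run the check during normal working hours as well.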
Major revisions
Microsoft released only one revision this month, with no other revisions to previous patches or updates.
- CVE-2022-37966 Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability: To address a known issue where Kerberos authentication might fail for user, computer, service, and GMSA accounts when serviced by Windows domain controllers. This patch revision has been released as a rare out-of-band update and will require immediate attention, if it has not already been addressed.
Mitigations and Workarounds
While several documentation updates and FAQs have been added to this release, Microsoft published only one mitigation:
- CVE-2022-37976: Active Directory Certificate Elevation of Privilege: A system is vulnerable to this security issue only if both the Active Directory Certificate Services role and the Active Directory Domain Services role are installed on the same server on the network. Microsoft has published a set of registry keys (LegacyAuthenticationLevel) that can help reduce the surface area of this issue. You can learn more about how to protect your systems here.
Testing guidance
Each month, the Readiness team reviews the latest updates and provides testing guidance. This guidance is based on the assessment of a large application portfolio and a detailed analysis of the Microsoft patches and their potential impact on Windows platforms and application installations.
Given the large number of changes included in this cycle, I’ve broken down the testing scenarios into high-risk and standard-risk groups.
High risk: This month, Microsoft has not recorded any high-risk functionality changes. This means that it has not made any major changes to the core APIs or to the functionality of any of the core components or applications included in the Windows desktop and server ecosystems.
More generally, given the broad nature of this update (Office and Windows), we suggest testing the following Windows features and components:
- Bluetooth: Microsoft has updated two sets of key API/header files for the Bluetooth drivers, including the IOCTL_BTH_SDP_REMOVE_RECORD IOCTL and the DeviceIoControl function. The key testing task here is to enable and then disable Bluetooth, making sure that your data connections continue to work as expected.
- Git: The Git Virtual File System (VfSForGit) has been updated with changes to file and registry mappings. You can read more about this key (internal) Windows development tool here.
In addition to these changes and testing requirements, I’ve included some of the more difficult testing scenarios for this update:
- Windows Kernel: There is a large update to the Windows kernel (Win32kfull.sys) this month that will affect the main desktop UI experience. Key patched features include the Start menu, the Settings applet, and File Explorer. Given the large UI testing surface, a larger test group may be required for your initial deployment. If you still see your desktop or taskbar, take that as a positive sign.
After last month’s update to Kerberos authentication, several authentication-related issues were reported, especially on remote desktop connections. Microsoft detailed the following scenarios and related issues addressed this month:
- Domain user sign-in might fail. This might also affect Active Directory Federation Services (AD FS) authentication.
- Group Managed Service Accounts (gMSAs) used for services such as Internet Information Services (IIS Web Server) might fail to authenticate.
- Remote Desktop connections using domain users might fail to connect.
- You might be unable to access shared folders on workstations and file shares on servers.
- Printing that requires domain user authentication might fail.
All of these scenarios require significant testing before a general rollout of the December update.
Unless otherwise specified, we should now assume that each Patch Tuesday update will require testing of core printing functions, including:
- printing from directly connected printers.
- adding a printer and then deleting a printer (this is new for December).
- large print jobs from servers (especially if they are also domain controllers).
- remote printing (using RDP and VPN).
- testing physical and virtual scenarios with 32-bit applications on 64-bit machines.
Windows lifecycle update
This section contains important servicing changes (and most security updates) for Windows desktop and server platforms. Since this is an end-of-year update, there are quite a few “End of Service” changes, including:
- Windows 10 (Enterprise, Home, Pro) 21H2: December 12, 2022.
- Windows 8.1: January 10, 2023.
- Windows 7 SP1 (ESU): January 10, 2023.
- Windows Server 2008 SP2 (ESU): January 10, 2023.
Each month, we break down the update cycle into product families (as defined by Microsoft) with the following basic groupings:
- Browsers (Microsoft IE and Edge);
- Microsoft Windows (both desktop and server);
- Microsoft Office;
- Microsoft Exchange Server;
- Microsoft development platforms (ASP.NET Core, .NET Core, and Chakra Core);
- Adobe (retired???, maybe next year).
Browsers
Following a welcome trend of non-critical updates to Microsoft’s browsers, this update delivers just three (CVE-2022-44668, CVE-2022-44708, and CVE-2022-41115), all rated Important. These updates affect the Microsoft Chromium browser and should have little or marginal impact on your applications. Add these updates to your standard patch release schedule.
Windows
Microsoft released patches to the Windows ecosystem this month that address three critical updates (CVE-2022-44676, CVE-2022-44670, and CVE-2022-41076), with 24 rated Important and two rated Moderate. Unfortunately, this month we have those two zero-days affecting Windows, with reports of CVE-2022-44698 being exploited in the wild and CVE-2022-44710 being publicly disclosed. We have developed specific testing recommendations, noting that there are reported issues with Kerberos, Hyper-V, and ODBC connections.
Add this update to your “Patch Now” release schedule.
Microsoft Office
Microsoft has addressed two critical vulnerabilities in SharePoint Server (CVE-2022-44693 and CVE-2022-44690) that are relatively easy to exploit and do not require user interaction. The remaining two vulnerabilities affect Microsoft Visio (CVE-2022-44696 and CVE-2022-44695) and are low-profile, low-impact changes. Unless you’re hosting your own SharePoint servers (why?), add these Microsoft updates to your standard release schedule.
Microsoft Exchange Server
Microsoft has not released any security updates, patches, or mitigations for Microsoft Exchange Server. Phew!
Microsoft improvement platforms
Microsoft addressed two critical vulnerabilities in Microsoft .NET (CVE-2022-41089) and PowerShell (CVE-2022-41076) this month. Although both security issues are rated critical, they require local administrator access and are considered difficult and complex to exploit. Mark Russinovich’s Sysmon also needs an update for the elevation-of-privilege vulnerability CVE-2022-44704, and all supported versions of Visual Studio will be patched. Add these updates to your standard developer release schedule.
Adobe Reader (still here, but not this month)
Adobe has released three Category 3 updates (equivalent to Microsoft’s Important rating) for Illustrator, Experience Manager, and Campaign (Classic). There are no Adobe Reader updates this month.
Copyright © 2022 IDG Communications, Inc.
–
Patch Tuesday: Two zero-day flaws in Windows need immediate attention