Microsoft’s August Patch Tuesday release addresses 123 security issues in Microsoft Windows, Office, Exchange (it's back!) and Visual Studio — and unfortunately, we have two zero-days with reports of active exploitation in the wild. Since this is a broad update, it will require planning and testing before deployment.
The first (CVE-2022-34713) occurs in the Windows diagnostic tools and the second (CVE-2022-30134) affects Microsoft Exchange. Basically, the holidays are over and it's time to pay attention to Microsoft updates again. We have made “Patch Now” recommendations for Windows, Exchange and Adobe for this month.
You can find more information on the risk of deploying these Patch Tuesday updates in this infographic.
Key testing scenarios
Given the large number of changes included in this August patch cycle, I have broken down the testing scenarios into high risk and standard risk groups:
High Risk: These are likely to include functionality changes, may deprecate existing functionality and will likely require creating new testing plans:
- Service Stack Update: There is a significant change to the Microsoft Servicing Stack (SSU). I have written a brief explainer that details some of the ways that Microsoft “updates the update process” and how its servicing stack has moved to a single, combined update each Patch Tuesday. The changes included for August will require reboot testing to gather/collate and then parse event viewer logs. Microsoft provided a handy reference to Windows Boot Manager event viewer data found in KB5016061.
- Web Printing: Though there are no functional changes, Microsoft has updated how web documents (HTML and JPEG) are printed. Basic print testing is required here. It doesn't look like this update will take down any servers, print server or otherwise.
The following updates are not documented as functional changes, but still require a full test cycle:
- Microsoft FAX: Like printing, we need to test enterprise FAX services with each Patch Tuesday update. This month's update is actually pretty cool; it addresses a vulnerability in junctions, which I have not used since the early 2000's. Here's a hint: avoid FAX drivers, and don't use junctions. They were a cool way to deal with directory redirect requirements through the registry — and are definitely not needed in a modern desktop.
- DirectComposition: This Windows component allows for rapid bitmapping and animations. There was an API update this month that will require testing for internally developed applications. I can't share the exact API changes, but I suggest you scan your applications (and subsequently test) for any references to IDCompositionDevice3.
- Microsoft Office Updates: We recommend a general “smoke” test for all updated Microsoft Office products this month. Specifically for Outlook, we recommend testing with a Gmail account and then switching to a Microsoft account; test sending invites between accounts. This applies to all supported versions of Microsoft Office.
Given the changes to the SSU, Windows Boot Manager and updates to the Windows kernel (WIN32K.SYS) this month, it may be worth looking at some Microsoft testing platforms such as the Microsoft Test Authoring and Execution Framework (TAEF). You'll need to know C++ or C# and you will need the Windows Driver Kit (WDK). Note that for each of these testing scenarios, a manual shut-down, reboot and restart is recommended, with a focus on Boot Manager entries in the event viewer logs.
Known issues
Each month, Microsoft includes a list of known issues that relate to the operating system and platforms that are included in this update cycle. This month, there are some really complex changes:
- The Secure Boot Forbidden Signature Database (DBX) prevents UEFI modules from loading on systems with the Unified Extensible Firmware Interface (UEFI). The KB5012170 update adds modules to the DBX in an attempt to address a vulnerability that exists in the secure boot loader process. Unfortunately, if BitLocker is enabled with the PCR7 binding, this update may fail. To resolve this issue, use the following command: “manage-bde -protectors -disable C: -RebootCount 1”. Then deploy the update and reboot.
- After installing KB4493509, devices with some Asian language packs installed may receive the error “0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND”. PSFX is a differential compression mode used in reducing the size of Microsoft updates. Microsoft has probably published the most interesting update and deployment and packaging article ever to be included in the middle of a long technical article related to packaging and updates. Given that this issue relates to how Windows installs feature-level components, Microsoft recommends reinstalling any language packs. This usually solves the problem — though it's not an official fix.
- After installing this month's update on Windows 10 builds, IE mode tabs in Microsoft Edge may stop responding when a site displays a modal dialog box. Microsoft is still working on an official fix.
And for the latest release of Windows 11, it looks like this month's update may lead to the application XPS Viewer behaving badly (using increasing processor and memory resources) before closing unexpectedly (i.e. badly). A reboot will solve the issue until Microsoft posts a fix.
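The KB5012170 known issue above depends on whether the OS volume's BitLocker TPM protector is bound to PCR7. The following pre-deployment check is an added example, not code from Microsoft or the original article; the function name is hypothetical and the parsing assumes English-language manage-bde output.

```powershell
# Added example (not from Microsoft or the article). Run from an elevated session.
# Assumes English-language manage-bde output; the function name is hypothetical.
function Test-DbxUpdateReadiness {
    param(
        [string]$MountPoint = $env:SystemDrive,
        [switch]$Suspend   # without this switch the function only reports
    )

    if (Get-HotFix -Id 'KB5012170' -ErrorAction SilentlyContinue) {
        return 'KB5012170 is already installed.'
    }

    $volume = Get-BitLockerVolume -MountPoint $MountPoint
    if ($volume.ProtectionStatus -ne 'On') {
        return "BitLocker protection is not active on $MountPoint; deploy normally."
    }

    # The TPM protector's "PCR Validation Profile" lists the bound PCRs,
    # on the same line or on the line below it.
    $hit = manage-bde -protectors -get $MountPoint |
        Select-String -Pattern 'PCR Validation Profile' -Context 0,1
    $profileText = ($hit | ForEach-Object { $_.Line; $_.Context.PostContext }) -join ' '

    if ($profileText -notmatch '\b7\b') {
        return "No PCR7 binding found on $MountPoint; deploy normally."
    }

    if (-not $Suspend) {
        return "PCR7 binding found on $MountPoint; suspend BitLocker for one reboot before installing."
    }

    # The workaround command quoted in the known-issue text above.
    manage-bde -protectors -disable $MountPoint -RebootCount 1 | Out-Null
    if ($LASTEXITCODE -ne 0) {
        throw "manage-bde failed with exit code $LASTEXITCODE"
    }
    return "BitLocker suspended on $MountPoint for one reboot; install KB5012170 and restart."
}

Test-DbxUpdateReadiness            # report only
# Test-DbxUpdateReadiness -Suspend # apply the workaround
```

After the update and restart, confirm that `Get-BitLockerVolume` reports a ProtectionStatus of On again for the volume.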
Major revisions
Though we have fewer “new” patches released this month, there are a lot of updated and newly released patches from previous months:
- CVE-2022-26832: .NET Framework Denial of Service Vulnerability. This is the fourth update to this .NET security fix. First released in April, all subsequent revisions have related to updating the products that are affected by this patch. It appears that all versions of Windows 10, Windows Server 2016 and with this latest revision, Windows 8 and Server 2012, are affected. If you are using Windows Update (or even Autopatch), no further action is required.
- CVE-2022-30130: .NET Framework Denial of Service Vulnerability. This revision to May's update now includes coverage for Windows 8 and Server 2012. This is only an informational update — no further action required.
- ADV200011: Microsoft Guidance for Addressing Security Feature Bypass in GRUB. This revision relates to the Linux sub-system boot loader in Windows. For more information refer to KB5012170 and the very informative blog post, “There is a hole in the boot.”
Mitigations and workarounds
- CVE-2022-34715: Windows Network File System Remote Code Execution Vulnerability. Microsoft has offered a set of PowerShell mitigation commands to reduce the severity of an attack by disabling NFSV4.1: “PS C:\> Set-NfsServerConfiguration -EnableNFSV4 $false”. Running this command will require a reboot of the target system. Microsoft recommends patching these systems as soon as possible, even with NFSV4.1 disabled.
- CVE-2022-34691: Active Directory Domain Services Elevation of Privilege Vulnerability. Microsoft advises that this vulnerability is applicable if you are, in fact, actually running Active Directory Certificate Services. If you are, you should deploy the Microsoft May 10 update immediately and enable Audit events. Take your time planning and deploying this patch as it may put your server into a special compatibility mode. You can read more here KB5014754. You have until May 9, 2023 before Microsoft closes this loophole.
One of the most important workarounds this month relates to Microsoft Outlook crashing and locking up immediately after start-up. Microsoft explains, “When you start Outlook Desktop, it gets past loading profile and processing, briefly opens, and then stops responding.” Microsoft is currently working on the issue and we expect an update soon. Microsoft offered the following workarounds:
- Sign out of and back in to Office.
- Disable support diagnostics in Outlook with the following registry keys: software\policies\microsoft\office\16.0\outlook\options\general\disablesupportdiagnostics, Disabled value = 0
- Manually set the email address to the identity of the user that is seeing the issue in the registry path.
You can find out more about Microsoft Diagnostic settings here. It's a little embarrassing for Microsoft as this is another significant Office issue following the recent Uber receipt crashing issue.
Each month, we break down the update cycle into product families (as defined by Microsoft) with the following basic groupings:
- Browsers (Microsoft IE and Edge);
- Microsoft Windows (both desktop and server);
- Microsoft Office;
- Microsoft Exchange;
- Microsoft Development platforms (ASP.NET Core, .NET Core and Chakra Core);
- And Adobe (retired???, maybe next year).
Browsers
Microsoft released three updates to its Edge browser (CVE-2022-33636, CVE-2022-33649 and CVE-2022-35796). Following a trend, none of these are rated as critical. There were also 17 updates to the Chromium project. Google has published all of these changes in its update log. For more information, refer to the Chromium security update page. Along with these security fixes, there were a few new features in the latest stable release (103) which can be found here. Add these low-profile updates to your standard patch release schedule.
Windows
Microsoft addressed 13 critical issues and 43 issues rated important this month. This is quite a broad update that covers the following key Windows features:
- Windows Point-to-Point Tunneling Protocol including RAS;
- Kernel Updates (Win32K.SYS);
- Windows Secure Socket Tunneling Protocol (SSTP);
- Windows Print Spooler Components.
In addition to this large update, CVE-2022-34713 (Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability) has been reported as both publicly disclosed and exploited in the wild, making this a serious Windows zero-day. This serious Windows security flaw is a path traversal flaw that attackers can exploit to copy an executable to the Windows Startup folder when a user opens a specially-crafted file through an email client or downloaded from the web. In lighter news, you can find the latest Windows 11 update video here. Add these critical Windows updates to your “Patch Now” release schedule.
Microsoft Office
Microsoft released an out-of-band (OOB) patch (KB5002248) for Microsoft Office 2016 (both 32- and 64-bit) relating to VBA projects and Microsoft Access. This month's release cycle delivers only four updates, all rated important. Microsoft Excel, Outlook and a few core Microsoft Office libraries are affected, with the most serious leading to remote code execution scenarios. Fortunately, all of these security issues have official fixes from Microsoft and are all relatively difficult to exploit, particularly in a well-managed enterprise environment. Add these low-profile updates to your standard release schedule.
Microsoft Exchange Server
Unfortunately we have six updates for Microsoft Exchange Server, with three rated critical and the remaining three rated important. As promised in May, Microsoft has updated its patching process to include self-extracting EXE's. You will not find these latest updates in the Microsoft catalog, so I have included a list of updates available for the following specific builds of Exchange Server:
Given the publicly disclosed vulnerability in Microsoft Exchange (CVE-2022-30134) which allows an attacker to read targeted email messages, Microsoft has recommended you apply these security related fixes immediately (italics added by Microsoft). To get the latest updates, you may also have to run the Exchange SetupAssist PowerShell script.
Your organization may already be comfortable with the new update format, but if you are unsure about the status of your Exchange servers, you can run the Microsoft CSS Health Checker. My feeling is that some preparation and planning is required to stage these updates. It took me a while just to walk through the patching decision/logic trees this month, never mind troubleshooting failed Exchange updates. Add this month's updates to your “Patch Now” schedule, noting that all updates this month will require a server reboot.
Microsoft development platforms
Microsoft released five updates rated as important for Visual Studio and .NET Core. The .NET vulnerability (CVE-2022-34716) is really difficult to exploit and depends on successfully executing a technically challenging blind “external entity” injection (XXE) attack. The remaining Visual Studio vulnerabilities relate to remote code execution (RCE) scenarios exploited through a local email client (requiring the user to open a specially crafted file). Add these updates to your standard developer update schedule.
Adobe (really just Reader)
Who would have thought it? We are back this August with three updates rated critical and four as important for Adobe Reader. APSB22-39 has been published by Adobe but not included by Microsoft in this month's patch cycle. All seven reported vulnerabilities relate to memory leak issues and could lead to a remote code execution scenario (RCE), requiring immediate attention. Add these Adobe updates to your “Patch Now” schedule.
Copyright © 2022 IDG Communications, Inc.