



This month’s Patch Tuesday update is important for several reasons. Although 67 specific vulnerabilities have been addressed, six issues are publicly known, and one has already been exploited, this month’s update still takes second place to addressing the Log4j issue. (Fortunately, there are no browser or Microsoft Exchange updates, and only minimal changes to Microsoft Office.)

We’ve added the Windows and Visual Studio updates to our “Patch Now” release recommendations, while the Office updates can follow the normal release rhythm. See this infographic for more information on the risks of deploying these Patch Tuesday updates.

Key test scenarios

No high-risk changes to the Windows platform have been reported this month. However, there is one additional feature change that has been reported. Here are some recommendations for high-level testing:

Test local printing.
Test remote printing and test printing via RDP.
Test the reading or processing of ETL files and large WMF files.
Test new and existing VPN connections, including site-to-site VPN.
Test NTFS short name scenarios and large file transfers.

Known issues

Every month, Microsoft publishes a list of known operating system and platform-related issues included in this update cycle. I have listed some important issues related to the latest builds.

After you install an update released after April 22, 2021, an issue affects versions of Windows Server that are used as a Key Management Services (KMS) host. Client devices running Windows 10 Enterprise LTSC 2019 and Windows 10 Enterprise LTSC 2016 may fail to activate. These issues do not affect Windows activation. Microsoft is currently investigating this issue.

After you install this update, connections made with Remote Desktop to a device in an untrusted domain may fail to authenticate when smart card authentication is used. This issue is resolved using a Known Issue Rollback (KIR). This can be implemented using the following Group Policy installation files:

One of the best ways to see whether any known issues may affect your target platform is to check the configuration options for downloading patch data from the Microsoft Security Update Guide or this month’s security update summary page.

Major revisions

Microsoft has released four updates for informational reasons (documentation and FAQ updates): CVE-2021-43236, CVE-2021-43883, CVE-2021-43893, and CVE-2021-43905. In addition, Microsoft has released some major revisions to previous patches.

CVE-2019-0887, CVE-2020-0655, and CVE-2021-1669: These Remote Desktop Services RCE updates received major revision notifications because the affected systems tables were updated. Windows 11 is affected by these security issues and this patch will be applied accordingly.
CVE-2021-24084: The range of affected systems has been updated to all supported Windows systems.

Due to the wide range of these patches, you may not have downloaded and applied the patches in November. This month, all four updates will be included in the patch cycle (although their dates may reflect the November release date).

Mitigation and workarounds

This month there is a single reported vulnerability that includes both mitigations and documented workarounds.

CVE-2021-43890: Microsoft has published an extensive set of workarounds for this AppX spoofing vulnerability. The GPO policies BlockNonAdminUserInstall and AllowAllTrustedAppToInstall can be used to reduce the surface area of sideloading attacks against the AppX installer. Microsoft has published a detailed how-to document on setting GPO policies for AppX (and now MSIX).

Each month, the update cycle is categorized into product families (defined by Microsoft) in the following basic groupings:

Browsers (Microsoft IE and Edge);
Microsoft Windows (both desktop and server);
Microsoft Office;
Microsoft Exchange;
Microsoft Development Platforms (ASP.NET Core, .NET Core, and Chakra Core);
and Adobe. (Retired? Maybe next year.)

Browsers

This month, the Chromium project released 16 updates for the Microsoft Edge browser. There is a clear trend here: Microsoft’s legacy browsers are not being updated. Since these updates are not deployed via Microsoft Update, it is very likely that they are part of the automatic update process for your desktop environment.

For more information, see Security Details on the Chrome Release Blog and Chrome Security Page. Given the nature of Edge (not fully integrated into the OS), there are few compatibility or integration errors expected in this release. Add these Chrome updates to your regular update release schedule.

Windows

December brings a moderate update for Windows, with 36 patches. Three are rated critical by Microsoft and the remaining 33 are rated important. Usually, the focus is on important patches. However, this month it is better to focus on the following publicly disclosed and exploited vulnerabilities:

This month, there is “only one” reportedly exploited vulnerability, a sideloading spoofing attack on the Microsoft AppX installer component (CVE-2021-43890). Fortunately, this is a complex attack that requires user intervention, and Microsoft has confirmed a formal fix for this issue. Because this update focuses on core system components (NTFS, installer, and print), we have included some test recommendations.

Run tests that send and receive heavy traffic on servers and desktops. Focus on unique and very large files.
Test D3D applications that make heavy use of .WMF files (due to codec updates) and graphics.
Test a range of network traffic conditions, particularly large data transfers over SMB, Encrypting File System, and remote shares.
Install, update, and uninstall core applications in a test environment. Make sure all uninstalls are clean.
Test printing, especially remote printing and printing via RDP.
All applications that use TLS/SSL need to undergo a basic “smoke test”.

And what about that Log4j issue? Patching the OS is not enough to protect your environment. We strongly recommend that you scan your application portfolio immediately for Java dependencies and references to Log4j components. This week’s news about Log4j issues is just the beginning. From Christmas to New Year, large-scale industrialized attacks are expected. It will get worse. It will get messy.
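The portfolio scan recommended above can start as an inventory of archives that bundle log4j-core, including copies nested inside fat JARs and WARs. The following is an added example, not code from the article or from Microsoft; the sample archive, file names and version string are constructed, and the script only reports presence and recorded version, since the article names no affected versions.

```python
import io
import re
import zipfile

ARCHIVES = (".jar", ".war", ".ear", ".zip")
JNDI = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
POM = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"

def scan_archive(data, label, depth=5):
    """Return one finding per archive, at any nesting level, that carries log4j-core."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return []  # wrong extension or truncated file: nothing to inspect
    findings = []
    with zf:
        names = set(zf.namelist())
        if POM in names or JNDI in names:
            version = None
            if POM in names:  # Maven metadata records the bundled version
                text = zf.read(POM).decode("utf-8", "replace")
                m = re.search(r"^version=(\S+)", text, re.M)
                version = m.group(1) if m else None
            findings.append({"path": label, "version": version,
                             "jndi_lookup": JNDI in names})
        if depth > 0:  # fat JARs and WARs bundle their dependencies as nested archives
            for name in sorted(names):
                if name.lower().endswith(ARCHIVES):
                    findings += scan_archive(zf.read(name), f"{label}!/{name}", depth - 1)
    return findings

def make_zip(entries):
    """Build an in-memory archive from {name: bytes}; used for the constructed sample."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, payload in entries.items():
            zf.writestr(name, payload)
    return buf.getvalue()

def demo():
    # Constructed sample: an application JAR bundling log4j-core under BOOT-INF/lib.
    core = make_zip({POM: b"#Generated by Maven\nversion=0.0.0-sample\n",
                     JNDI: b"\xca\xfe\xba\xbe"})
    app = make_zip({"BOOT-INF/classes/App.class": b"\xca\xfe\xba\xbe",
                    "BOOT-INF/lib/log4j-core-sample.jar": core})
    return scan_archive(app, "app.jar")

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

To scan real files, read each archive's bytes and pass them to scan_archive with its path as the label; nested archives are read into memory, so keep the depth limit when scanning untrusted files.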

Add these Windows Updates to your Patch Now schedule to start reducing your application’s attack surface.

Microsoft Office

Microsoft has released nine patches for Office, all rated as important. All versions of SharePoint and Access will be affected, as will Word versions 2016 and 2019. There are no attack vectors in the preview pane this month and all reported vulnerabilities require user intervention. Add these Microsoft Office updates to your regular patch release schedule.

Microsoft Exchange Server

The Log4j issue may be the lump of coal in your stocking, but Microsoft has spared us any Microsoft Exchange updates this month, so you can pay more attention to other things, like Christmas. Or Log4j. You choose.

Microsoft development platform

This month, Microsoft released seven updates that affect Visual Studio, PowerShell, and the ASP.NET / .NET framework, one rated critical and the others rated important. The single critical patch (CVE-2021-43907) is associated with the popular WSL extension. If it is not patched, there can be scenarios where code is executed remotely. This is a fairly serious issue and affects all WSL users. Unfortunately, the test profile is very large and includes test requirements for .NET COM servers and regular expressions.

We encourage you to add this Visual Studio update to your Patch Now schedule and also see the additional (and individual) .NET-related updates published on the Microsoft Dev blog.

Adobe (really just Reader)

This month Microsoft did not release an update for Adobe Reader. I keep thinking that this section could be retired, but there are regularly updates from Adobe or important printing updates for PDF files. Let’s see what happens in 2022.

And if you get this far …

Microsoft will not release a December preview release (called the C release) due to minimal holiday operations and the upcoming New Year holidays. Regular monthly services for both Microsoft B and C releases will resume in January.
Windows 10, version 2004 is no longer in service at the time of this release.
Next month, there may be an update to the TLS protocol for Windows Server 2008 that supports TLS 1.2.

Copyright © 2021 IDG Communications, Inc.

Source: https://www.computerworld.com/article/3645134/patching-isnt-enough-for-decembers-patch-tuesday.html
