May Patch Tuesday updates will require urgent patching

Last Tuesday's Patch Tuesday release started with 73 updates, but has ended up (so far) with three revisions and a late addition (CVE-2022-30138), addressing a total of 77 vulnerabilities this month. Compared to the wide-ranging update released in April, there is greater urgency to patch Windows, especially given three zero-days and some very serious flaws in key server and authentication areas. Because of its new server update technology, Exchange also needs attention.

There were no updates for Microsoft browsers or Adobe Reader this month. And Windows 10 20H2 (we hardly knew you) is now unsupported.

See this helpful infographic for more information on the risks of deploying these Patch Tuesday updates. The MSRC Center has an overview of how security updates are handled here.

Key test scenarios

Considering the many changes included in this May patch cycle, we have categorized the test scenarios into high-risk groups and standard-risk groups.

High risk: These changes may include functional changes, may obsolete existing features, and may require the creation of a new test plan.

Test your enterprise CA certificates (both new and renewed). The domain server KDC automatically validates the new extensions included in this update. Look for failed validations!

This update includes changes to driver signatures, including timestamp checks and Authenticode signatures. Signed drivers should load. Unsigned drivers should not. Check your application test runs for failed driver loads, and include checks for signed EXEs and DLLs.
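One way to prepare the signed EXE, DLL and driver check is to record Authenticode status before the update and compare it afterwards. The script below is an added example, not part of the original article or any Microsoft guidance; the default paths and the report file name are assumptions, and catalog-signed files may show as NotSigned on older PowerShell versions.

```powershell
# Added example (not from the original article): baseline Authenticode status
# of EXE/DLL/SYS files so runs before and after the update can be compared.
# The default $Roots and $Report values are assumptions; change them to suit.
param(
    [string[]]$Roots  = @("$env:ProgramFiles\ExampleApp", "$env:SystemRoot\System32\drivers"),
    [string]  $Report = "$env:TEMP\signature-baseline.csv"
)

$extensions = '.exe', '.dll', '.sys'

$results = @(foreach ($root in $Roots) {
    if (-not (Test-Path -LiteralPath $root)) {
        Write-Warning "Skipping missing path: $root"
        continue
    }
    Get-ChildItem -LiteralPath $root -Recurse -File -ErrorAction SilentlyContinue |
        Where-Object { $extensions -contains $_.Extension.ToLowerInvariant() } |
        ForEach-Object {
            $sig  = Get-AuthenticodeSignature -LiteralPath $_.FullName
            $cert = $sig.SignerCertificate
            [pscustomobject]@{
                Path          = $_.FullName
                Status        = [string]$sig.Status
                Signer        = if ($cert) { $cert.Subject } else { '' }
                SignerExpires = if ($cert) { $cert.NotAfter } else { $null }
                Timestamped   = [bool]$sig.TimeStamperCertificate
            }
        }
})

# Keep the full inventory so the post-patch run can be diffed against it.
$results | Export-Csv -LiteralPath $Report -NoTypeInformation

# 1. Anything that is not 'Valid' (NotSigned, HashMismatch, NotTrusted, ...).
$results | Where-Object { $_.Status -ne 'Valid' } |
    Sort-Object Status, Path | Format-Table Status, Path -AutoSize

# 2. Valid today but without a timestamp countersignature: validity then
#    depends on the signing certificate still being within its lifetime.
$results | Where-Object { $_.Status -eq 'Valid' -and -not $_.Timestamped } |
    Sort-Object SignerExpires | Format-Table SignerExpires, Signer, Path -AutoSize
```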

The following changes are not documented as containing feature changes, but at least “smoke testing” is required before the May patch is generally deployed.

Test your VPN clients when using RRAS servers: connect and disconnect (using all protocols: PPP / PPTP / SSTP / IKEv2).

Test that EMF files open as expected.

Test the dependencies of your Windows Address Book (WAB) application.

Test BitLocker: start and stop your machines with BitLocker enabled and then disabled.

Make sure your credentials are accessible via VPN (see Microsoft Credential Manager).

Test your V4 printer drivers (especially given the late arrival of CVE-2022-30138).

This month's testing will require several restarts of your test resources and should include both (BIOS / UEFI) virtual machines and physical machines.

Known issues

Microsoft includes a list of known issues that affect the operating systems and platforms included in this update cycle.

After installing this month's update, Windows devices using certain GPUs may cause apps to quit unexpectedly or generate an exception code (0xc0000094 in module d3d9on12.dll) in apps using Direct3D version 9. Microsoft has released a KIR Group Policy update to resolve this issue, with the following GPO settings: Download for Windows 10, version 2004, Windows 10, version 20H2, Windows 10, version 21H1, and Windows 10, version 21H2.

After installing an update released after January 11, 2022, an app that uses the Microsoft .NET Framework to retrieve or configure Active Directory forest trust information may either fail or generate an access violation (0xc0000005) error. Applications that depend on the System.DirectoryServices API seem to be affected.

Microsoft has really upped its game in discussing recent fixes and updates for this release, with a useful update highlights video.

Major revisions

Although the list of patches has dropped significantly this month compared to April, Microsoft has released three revisions:

CVE-2022-1096: Chrome: CVE-2022-1096 type confusion in V8. This March patch has been updated to include support for the latest version of Visual Studio (2022), enabling updated rendering of webview2 content. No further action is required.

CVE-2022-24513: Visual Studio elevation of privilege vulnerability. This April patch has been updated to include all supported versions of Visual Studio (15.9 to 17.1). Unfortunately, this update affects how webview2 content is rendered and may require application testing by the development team.

CVE-2022-30138: Windows Print Spooler elevation of privilege vulnerability. This is informational only. No further action is required.

Mitigations and workarounds

In May, Microsoft published one important mitigation for a serious Windows Network File System vulnerability.

CVE-2022-26937: Remote code execution vulnerability in Windows Network File System. You can mitigate an attack by disabling NFSV2 and NFSV3. The following PowerShell command disables these versions: "PS C:\> Set-NfsServerConfiguration -EnableNFSV2 $false -EnableNFSV3 $false". Once that is done, you will need to restart the NFS server (or restart the machine if possible). You can also use the PowerShell command "PS C:\> Get-NfsServerConfiguration" to verify that the NFS server has been updated correctly.
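The mitigation steps above, combined into one script with a before-and-after check. This is an added example, not code from the original article: it assumes a Windows Server host with the ServerManager and NFS PowerShell modules, and the feature name FS-NFS-Service and the nfsadmin restart commands are standard Windows names that do not appear in the article.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original article): apply the CVE-2022-26937
# mitigation described above on one Windows Server host and verify it.

$feature = Get-WindowsFeature -Name FS-NFS-Service
if (-not $feature.Installed) {
    Write-Output 'Server for NFS is not installed; no mitigation needed on this host.'
    return
}

$before = Get-NfsServerConfiguration
'Before: NFSv2={0} NFSv3={1} NFSv4={2}' -f $before.EnableNFSV2, $before.EnableNFSV3, $before.EnableNFSV4

# Clients still mounting with v2/v3 lose access once these are disabled, so
# list the exports to review first, and stop if v4 would not remain enabled.
Get-NfsShare | Select-Object Name, Path | Format-Table -AutoSize
if (-not $before.EnableNFSV4) {
    Write-Warning 'NFSv4 is disabled: turning off v2 and v3 would leave no NFS protocol enabled.'
    return
}

Set-NfsServerConfiguration -EnableNFSV2 $false -EnableNFSV3 $false

# The change takes effect after the NFS server restarts.
nfsadmin server stop
nfsadmin server start

$after = Get-NfsServerConfiguration
if ($after.EnableNFSV2 -or $after.EnableNFSV3) {
    Write-Error 'Mitigation not applied: NFSv2 or NFSv3 is still enabled.'
} else {
    Write-Output 'Mitigation applied: NFSv2 and NFSv3 are disabled.'
}
```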

Each month, the update cycle is categorized into product families (defined by Microsoft) in the following basic groupings:

Browsers (Microsoft IE and Edge); Microsoft Windows (both desktop and server); Microsoft Office; Microsoft Exchange; Microsoft Development Platforms (ASP.NET Core, .NET Core, and Chakra Core); Adobe (retired???, maybe next year).

Browsers

Microsoft has not released any updates for the legacy (IE) or Chromium (Edge) browsers this month. Over the last decade, the number of serious issues that have plagued Microsoft has been declining. In my opinion, the move to the Chromium project was a clear "super plus plus win win" for both the development team and the users.

Speaking of legacy browsers, you need to prepare for the retirement of IE scheduled for mid-June. "Preparing", of course, means celebrating after making sure your legacy apps have no explicit dependencies on the old IE rendering engine. Add "Celebrate IE's retirement" to your browser deployment schedule. Your users will understand.

Windows

The Windows platform received six important updates this month, with 56 patches rated as important. Unfortunately, there are also three zero-day exploits.

CVE-2022-22713: This vulnerability, disclosed in Microsoft's Hyper-V virtualization platform, could allow an attacker to exploit an internal race condition and lead to a potential denial-of-service scenario. This is a serious vulnerability, but it requires a chain of several vulnerabilities to be successful.

CVE-2022-26925: This LSA authentication issue, which has been publicly disclosed and reportedly exploited, is a real concern. Patching is easy, but the large test profile makes it difficult to deploy quickly. In addition to testing domain authentication, make sure that the backup (and restore) features are working as expected. We strongly recommend that you check the latest Microsoft support notes for this ongoing issue.

CVE-2022-29972: This disclosed vulnerability in the Redshift ODBC driver is fairly specific to Synapse applications. However, if you have exposure to any of the Azure Synapse RBAC roles, deploying this update is a top priority.

In addition to these zero-day issues, there are three other issues that need attention.

CVE-2022-26923: This vulnerability in Active Directory authentication is not "wormable", but it is easy to exploit and it would not be surprising to see it being aggressively attacked immediately. Once compromised, this vulnerability provides access to the entire domain. The stakes are high.

CVE-2022-26937: This Network File System bug has a rating of 9.8, one of the highest reported this year. NFS is not enabled by default, but if you have Linux or Unix on your network, you may be using NFS. We would patch this issue, but we also recommend upgrading to NFS v4.1 as soon as possible.

CVE-2022-30138: This patch was released after Patch Tuesday. This print spooler issue only affects older systems (Windows 8 and Server 2012), but requires considerable testing before deployment. This is not a very serious security issue, but printer-based issues are likely. Take some time before deploying this.

Considering the number of serious exploits and the three zero-days in May, we are adding this month's Windows updates to the "Patch Now" schedule.

Microsoft Office

Microsoft has released only four updates to the Microsoft Office platform (Excel, SharePoint), all of which are rated as important. All of these updates are difficult to exploit (requiring both user interaction and local access to the target system) and affect only 32-bit platforms. Add these low-profile, low-risk Office updates to your standard release schedule.

Microsoft Exchange Server

Microsoft has released a single update for Exchange Server (CVE-2022-21978). This has been rated as important and seems to be quite difficult to exploit. This privilege escalation vulnerability requires fully authenticated access to the server and has not been publicly disclosed or exploited so far.

More importantly this month, Microsoft introduced a new way to update Microsoft Exchange servers. This includes:

Windows Installer patch file (.MSP), which works best for automated installations.

Self-extracting, auto-elevating installer (.exe), which works best for manual installations.

This is an attempt to solve the problem of Exchange administrators updating their server systems within a non-administrator context, leaving the server in a bad state. The new EXE format enables command line installations and better installation logging. Microsoft has published the following EXE command line example:

"Setup.exe /IAcceptExchangeServerLicenseTerms_DiagnosticDataON /PrepareAllDomains"

We recommend that you prepare the %Temp% environment variable before using the new EXE installation format. Keep in mind that even if you follow the new method of updating Exchange using the EXE, you will still need to deploy the monthly SSU update (separately) to ensure that your server is up to date. Add this update (or EXE) to the standard release schedule, making sure that a full reboot occurs when all updates are complete.

Microsoft development platform

Microsoft has released five important updates and one low-rated patch. All of these patches affect Visual Studio and the .NET Framework. We recommend that you read the Visual Studio April Update Guide to update your Visual Studio instance to address these reported vulnerabilities.

The May 2022 .NET update blog posting can help you learn more about the specific issues addressed from a security perspective. .NET 5.0 is no longer supported, and it may be worth checking for compatibility issues or "breaking changes" that need to be addressed before upgrading to .NET 7. Add these medium-risk updates to the standard update schedule.

Adobe (really just Reader)

I thought I could see a trend. There are no Adobe Reader updates this month. That said, Adobe has released some updates for other products here: APSB22-21. Let's see what happens in June. We may be able to retire both Adobe Reader and IE.

Copyright © 2022 IDG Communications, Inc.

Sources

2/ https://www.computerworld.com/article/3660511/mays-patch-tuesday-updates-make-urgent-patching-a-must.html