Date: 2022-06-18



Tuesday’s Microsoft patch fixes critical security flaws in Windows 10, 11, and servers

Updated June 18th. This post was originally published on June 15th.

Microsoft has confirmed that the Patch Tuesday security update of June 14th is not the last one. Quite why some media outlets covering the security patch distribution jumped on the "last Patch Tuesday, end of an era" bandwagon is, frankly, beyond me. Yes, the news reports did mention the announcement of Windows Autopatch from the beginning of this year. That April announcement explained how Windows Autopatch could significantly automate the security patch process, turning Patch Tuesday into just another Tuesday for (some) administrators. I think this is the cause of the confusion, but it's still a mysterious case of grabbing the wrong end of a fairly straight stick.

You see, what Microsoft most certainly didn't announce was a security update automation and management service for all Windows administrators or users. In fact, I thought it was made clear that Windows Autopatch, which will be rolled out in July, is only for Windows Enterprise users.

More precisely, it is for customers with a Windows 10/11 Enterprise E3 (and later) license who use the Azure commercial cloud; government cloud customers are excluded. The Microsoft Windows Autopatch FAQ, updated June 8th, also states that Education (A3) and Frontline Worker (F3) licenses are not supported. This excludes not only some, if not most, small businesses, but also the large consumer market.

For those who want to investigate this issue further, the real clincher is the existence of the official FAQ section under the heading “Does Windows Autopatch affect Tuesday’s patches?”.

Here, Microsoft states: “Monthly security and quality updates for supported versions of Windows and Windows Server operating systems will continue to be delivered on the second Tuesday of the month (commonly referred to as patch Tuesdays or update Tuesdays). Date.” Honestly, I don't know how much clearer the company could have been.

That is, there is nothing to see here except the distribution of Windows security patches on the second Tuesday of the month for the foreseeable future.

In other news, following the June 14th Windows Update, Microsoft has added a new entry to its list of confirmed issues. However, this only affects Windows 10 (20H2, 21H1, 21H2) and Windows 11 (21H2) users, not Windows Server users. This issue, a failure to sign in using Azure Active Directory, is only relevant to those of the above users whose Windows devices use Arm processors. “Some scenarios that may be affected are VPN connections, Microsoft Teams, Microsoft OneDrive, and Microsoft Outlook,” Microsoft confirms. While an update to fix this is being investigated, it is possible to mitigate the issue by using the web versions of the affected apps.

It wasn’t the most problematic of Tuesday’s patches, it must be said. You can read about other issues identified by Microsoft below.

Updated June 17th. This post was originally published on June 15th.

Microsoft has identified three issues that some users are experiencing after installing the June 14 Windows Update. The “sooner rather than later” approach to patching security vulnerabilities is still wise advice but, as mentioned later in this article, it is not so easy in a business environment given the regularity of problems after patching. Two of the three issues, which Microsoft identified very quickly, primarily affect business users. The one involving Wi-Fi hotspot internet connectivity can also be a problem for consumers.

The first issue concerns a potential failure of operations related to making or deleting shadow copies on an application server running Volume Shadow Copy Service (VSS) aware server applications that store data on a remote SMB 3.0 or later file share. Microsoft has confirmed that “after installing Windows Update after June 14, 2022, backup applications may receive the error E_ACCESSDENIED while performing operations related to creating shadow copies.” This appears to be related to the security enforcement in the patch for CVE-2022-30154, which covers the File Sharing Agent Service for remote VSS (RVSS). The fix for this issue is to reinstall the update on both the application server and the file server; the issue affects Windows Server 2012, 2016, 2019, 2022, and Windows 10 20H2.

The other two issues are still under investigation by Microsoft, and updates will be made available in the “next release”. The first involves Windows devices using the Wi-Fi hotspot feature, where the host loses internet connectivity. The other is that operations on Cluster Shared Volume files or folders will fail with the STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5) error.

In addition to fixing the already exploited Follina zero-day, Microsoft has identified three critical vulnerabilities that affect millions of Windows and Windows Server users.

Among the 55 vulnerabilities in the new collection of Microsoft security updates (yes, Patch Tuesday), three have been rated as critical. Fortunately, none of these, and in fact none of the 55 vulnerabilities listed, is currently known to be actively exploited. Despite distributing the fix for Follina (CVE-2022-30190), strangely enough, Microsoft didn't list it among the patched vulnerabilities.

The three critical security flaws are:

CVE-2022-30136

CVE-2022-30136 affects Windows Server (2012, 2016, 2019) users and can be exploited over the network with a malicious call to the Network File System (NFS) service, making it a remote code execution (RCE) threat. According to Mike Walters, cybersecurity executive and co-founder of Action1, “this information has not been confirmed, but an exploit for this vulnerability has been developed.” He also referred to last month’s CVE-2022-26937 patch and warned that “this June patch should only be applied after the May patch has already been installed.”

CVE-2022-30139

CVE-2022-30139 is another RCE that affects Windows (10 & 11) and Windows Server (2016, 2019, 20H2, 2022) users, but this time it affects the Windows Lightweight Directory Access Protocol (LDAP) where the default policy value has been changed. According to the vulnerability database, the full technical details are still unknown, but “abuse requires simple authentication.” While confirming that no public exploit is available, the site suggests that one could be worth between $5,000 and $25,000.

CVE-2022-30163

CVE-2022-30163 affects users of Windows (7, 8.1, 10, and 11) and Windows Server (2008, 2012, 2016, 2019, 20H2, and 2022) and is yet another remote code execution vulnerability. This time, an attacker could use a malicious application on a Hyper-V guest to target the Windows Hyper-V host. According to Trend Micro’s Zero Day Initiative, “Microsoft points out that the complexity of the attack is high because the attacker needs to win the race condition, but many reliable exploits related to the race condition have been demonstrated. So please follow the appropriate steps to test and deploy this update.”

Do you need to update your Windows or Windows Server platform immediately?

Obviously, as always, it’s important to update as soon as possible to plug these security holes. Well, at least for consumers. The situation is more complicated for organizations. Mark Lamb, CEO of HighGround.io, said: “Security standards, including the UK Cyber Essentials Overview Standard, recommend that you deploy patches within 14 days of the release of both your operating system and your application, but it takes months for your organization to deploy the patch. It’s not uncommon for this to happen,” says Lamb, who says that, if possible, companies should “work hard to approve and deploy patches every week.” “I don’t know what the next vulnerability will be, and whether consistent diligence has mitigated it. I’ll patch it.”

