Patch now to address Windows zero-days

In this April Patch Tuesday, Microsoft addressed 97 existing vulnerabilities and also updated and re-released eight previously released patches. There have been reports of a vulnerability (CVE-2023-28252) being exploited in the wild, resulting in a “Patch Now” release.

This update cycle affects Windows Desktop, Microsoft Office, and Adobe Reader. There are no updates for Microsoft Exchange this month. The Application Readiness team provided a helpful infographic outlining the risks associated with each update for this April update cycle.

known issues

Each month Microsoft posts a list of known issues related to the operating systems and platforms included in this update cycle.

Windows 11 22H2: Windows devices that use some third-party UI customization apps may not boot after installing this update or later updates. Microsoft is currently investigating this issue. Updates released after February 14, 2023 may not be offered to Windows 11, version 22H2 from some Windows Server Update Services (WSUS) servers. Updates are downloaded to the WSUS server, but may not be further propagated to client devices. Microsoft is working on this issue. An update is expected soon.

And for the gaming cowboys out there, it looks like Red Dead Redemption 2 is dead upon arrival, at least with this April update. I know) will have to wait (a little longer) as there are still buffering issues with multi-gigabit network transfers on Microsoft’s latest desktop OS. .

Main revision

This month, Microsoft released several major revisions of previous updates.

CVE-2023-28260: .NET DLL Hijacking Remote Code Execution Vulnerability. This security patch has been updated to support PowerShell 7.2/7.3. CVE-2023-21722, CVE-2023-21808: .NET Framework Denial of Service Vulnerability. Microsoft re-released KB5022498 to ensure that a customer who installed the February Cumulative Update for .NET Framework 4.8 (KB5022502), upgraded to .NET Framework 4.8.1, and then scanned for updates found his Addressed a known issue preventing KB5022498 from being installed. Customers who were unable to install KB5022498 should rescan for updates and install the update. Customers who have already successfully installed KB5022498 do not need to take any further action. CVE-2023-23413, CVE-2023-24867, CVE-2023-24907, CVE-2023-24909: Remote code execution vulnerabilities in Microsoft PostScript and PCL6 class printer drivers. The following changes have been made to the description of this CVE report: 1) Added FAQ to explain how an attacker could exploit this remote code execution vulnerability. 2) Removed FAQ about incorrect CVSS metrics. These are informational changes only. CVE-2023-28303: Windows Snipping Tool Information Disclosure Vulnerability. Added FAQ explaining how to get updates from the Microsoft Store when automatic store updates are disabled. This is an informational change only.Mitigations and Workarounds

Microsoft has published the following vulnerability-related mitigations in this month’s April Patch Tuesday release cycle.

CVE-2023-23397: To mitigate this Microsoft Outlook privilege escalation vulnerability, Microsoft recommends the following: Other way to disable NTLM. The readiness team recommends blocking TCP port 445 (outbound) until an official Microsoft patch resolves this vulnerability.test guidance

Each month, the Readiness team analyzes the latest Patch Tuesday updates from Microsoft and provides detailed, actionable testing guidance. This guidance is based on an evaluation of a large application portfolio and a detailed analysis of Microsoft’s patches and their potential impact on the Windows desktop platform and application installation.

Due to the large number of changes included in this April patch cycle, we categorized our test scenarios into standard and high-risk profiles.

Test network connectivity (using web and Teams) using VPN and dial-up (PPPoE and SSTP). Test your Bluetooth connection. As a test, try printing from Bluetooth. Ok, that’s not fun. If you’re testing VPN with IKEv2 and L2TP, make sure your test profile includes a connectivity check. Test sound/audio in an RDP desktop session.high risk

Microsoft has made some significant changes to the functionality of the SQLOLEDB component. SQLOLEDB is a core Microsoft component that handles calls from SQL to OLE APIs. This is not the first time this key data-centric component has been patched by Microsoft, with a major update last September. The Readiness evaluation team strongly recommends an application portfolio scan of all applications (and their dependencies) that contain references to the Microsoft library SQLOLEDB.DLL. Scanning application packages for ODBC references introduces a lot of “noise”, so library dependency checking is preferred in this case. Once done, you should perform a database connection test. (Most importantly) these tests should probably be done via a VPN or an unstable internet connection.

All of these scenarios (both standard and high risk) will require significant application-level testing prior to general deployment of this month’s updates. In addition to the SQL connectivity test requirements, we also recommend the following “smoke” tests for your system:

Test the Windows On-Screen Keyboard (OSK). Test booting a Windows desktop system from a RAM disk. Test the Windows logging system (CLFS) using the create/read/update/delete test (CRUD).

We should also consider the latest updates to Adobe Reader later this month, so please include a print test in your implementation.

Updates by Product Family

Each month, we categorize our update cycles into product families (as defined by Microsoft), with the following basic groupings:

Browsers (Microsoft IE and Edge) Microsoft Windows (both desktop and server) Microsoft Office Microsoft Exchange Server Microsoft Development Platforms (ASP.NET Core, .NET Core, Chakra Core) Adobe (obsolete???, maybe next year) browser

Only three updates (CVE-2023-28284, CVE-2023-24935, and CVE-2023-28301) will patch back the Microsoft Edge browser platform in this April patch cycle. All of these are rated low by Microsoft. Additionally, Microsoft has rolled out 14 updates for his Chromium Edge browser, and deployment risks should be minimal. Add these updates to your standard patch release schedule.

If you have the time, here’s a great post from the Chromium project group on how they’re improving performance for all Chromium browsers.

Windows

This April, Microsoft released seven critical updates and 71 patches rated as critical for the Windows platform. These are for the following critical components (Critical Updates):

Microsoft Message Queuing Windows Layer 2 Tunneling Protocol Windows DHCP Server

Unfortunately, there were reports of a vulnerability (CVE-2023-28252) being exploited in the wild this month, adding it to the zero-day count. Add this update to your “Patch Now” release schedule.

microsoft office

There are no significant updates for the Microsoft Office product group this month. Microsoft has provided five updates rated Important to Microsoft Publisher and SharePoint to address spoofing and remote code execution security vulnerabilities. Add these Office updates to your standard release schedule.

Microsoft Exchange Server

April is said to be the cruelest month, but with no updates from Microsoft on the Microsoft Exchange Server product group this month, I’m not sure. This should bring spring to your feet.

Microsoft development platform

Microsoft only released 6 updates for Visual Studio and .NET (6.X/7.x) in this April patch cycle. These patches can be added to the standard developer release schedule to address vulnerabilities with low or high ratings by Microsoft.

Adobe Reader (The cat is back)

There is an update for Adobe Reader in this April update cycle. I thought the Reader update was complete, but the Priority 3 (lowest rated by Adobe) update (APSB 23-24) affected all versions of Adobe Reader and caused some memory Addressing a leak security vulnerability. Add this update to your standard third-party application deployment.

Copyright © 2023 IDG Communications, Inc.

What Are The Main Benefits Of Comparing Car Insurance Quotes Online

LOS ANGELES, CA / ACCESSWIRE / June 24, 2020, / Compare-autoinsurance.Org has launched a new blog post that presents the main benefits of comparing multiple car insurance quotes. For more info and free online quotes, please visit https://compare-autoinsurance.Org/the-advantages-of-comparing-prices-with-car-insurance-quotes-online/ The modern society has numerous technological advantages. One important advantage is the speed at which information is sent and received. With the help of the internet, the shopping habits of many persons have drastically changed. The car insurance industry hasn't remained untouched by these changes. On the internet, drivers can compare insurance prices and find out which sellers have the best offers. View photos The advantages of comparing online car insurance quotes are the following: Online quotes can be obtained from anywhere and at any time. Unlike physical insurance agencies, websites don't have a specific schedule and they are available at any time. Drivers that have busy working schedules, can compare quotes from anywhere and at any time, even at midnight. Multiple choices. Almost all insurance providers, no matter if they are well-known brands or just local insurers, have an online presence. Online quotes will allow policyholders the chance to discover multiple insurance companies and check their prices. Drivers are no longer required to get quotes from just a few known insurance companies. Also, local and regional insurers can provide lower insurance rates for the same services. Accurate insurance estimates. Online quotes can only be accurate if the customers provide accurate and real info about their car models and driving history. Lying about past driving incidents can make the price estimates to be lower, but when dealing with an insurance company lying to them is useless. Usually, insurance companies will do research about a potential customer before granting him coverage. Online quotes can be sorted easily. Although drivers are recommended to not choose a policy just based on its price, drivers can easily sort quotes by insurance price. Using brokerage websites will allow drivers to get quotes from multiple insurers, thus making the comparison faster and easier. For additional info, money-saving tips, and free car insurance quotes, visit https://compare-autoinsurance.Org/ Compare-autoinsurance.Org is an online provider of life, home, health, and auto insurance quotes. This website is unique because it does not simply stick to one kind of insurance provider, but brings the clients the best deals from many different online insurance carriers. In this way, clients have access to offers from multiple carriers all in one place: this website. On this site, customers have access to quotes for insurance plans from various agencies, such as local or nationwide agencies, brand names insurance companies, etc. "Online quotes can easily help drivers obtain better car insurance deals. All they have to do is to complete an online form with accurate and real info, then compare prices", said Russell Rabichev, Marketing Director of Internet Marketing Company. CONTACT: Company Name: Internet Marketing CompanyPerson for contact Name: Gurgu CPhone Number: (818) 359-3898Email: cgurgu@internetmarketingcompany.BizWebsite: https://compare-autoinsurance.Org/ SOURCE: Compare-autoinsurance.Org View source version on accesswire.Com:https://www.Accesswire.Com/595055/What-Are-The-Main-Benefits-Of-Comparing-Car-Insurance-Quotes-Online View photos