For this week’s Patch Tuesday, the first of the year, Microsoft addressed 97 security issues, six of which were rated critical. Although six vulnerabilities have been reported publicly, I do not classify them as zero-days. Microsoft has addressed a number of security issues and is aware of a number of known issues that may have inadvertently caused significant server problems:
- Hyper-V, which no longer starts and reports the message, “The virtual machine xxx could not be started because the hypervisor is not running.”
- ReFS (Resilient) file systems that are no longer accessible (which is kind of ironic).
- And Windows domain controller boot loops.
There have been various known issues this month, and I’m not sure if we’ll see any more issues reported with the January server patches. You can learn more about the risks of deploying these latest updates in our useful infographic.
Key test scenarios
No high-risk changes have been reported to the Windows platform this month. However, there is a reported functional change, and additional features have been added.
- Test local and remote printing, and printing over RDP.
- Test site-to-site VPN with new and existing connections.
- Test reading or processing ETL files.
- Check starting and stopping Hyper-V on your servers.
- Run Transactional NTFS (TxF) and CLFS test scenarios, and include tests for ReFS file I/O transfers.
Each month, Microsoft includes a list of known issues related to the operating systems and platforms in this update cycle. I have addressed some of the key issues related to the company’s recent builds, including:
- SharePoint Server: Most users cannot access Web.config files on SharePoint Server. Affected groups of users do not include farm administrators, local administrators, or system-managed members. For more information, see Users cannot access Web.config files on SharePoint Server (KB5010126).
- After installing the June 21, 2021 update (KB5003690), some devices cannot install newer updates, such as the July 6, 2021 update (KB5004945) or later updates. You will receive the error message, “PSFX_E_MATCHING_BINARY_MISSING.” For more information and solutions, see KB5005322.
- After installing updates released on or after April 22, 2021, there is a problem affecting versions of Windows Server used as a Key Management Services (KMS) host. Client devices running Windows 10 Enterprise LTSC 2019 and Windows 10 Enterprise LTSC 2016 may fail to activate. This problem only occurs when using the new Customer Support Volume License Key (CSVLK). Microsoft is working on a resolution and will provide an update in an upcoming release.
- After installing this Windows update, Remote Desktop connections to devices in an untrusted domain may fail to authenticate when using smart card authentication. You may receive the prompt, “Your credentials did not work. The credentials that were used to connect to [device name] did not work. Please enter new credentials,” and “The login attempt failed” in red. This issue has been resolved using Known Issue Rollback (KIR). For general information about using group policies, see Group Policy Overview. We have listed the following Group Policy installation files in case the KIR process is required: Windows Server 2022; Windows 10, version 2004; Windows 10, version 20H2; and Windows 10, version 21H1.
- After installing KB4493509, devices with some Asian language packs installed may see the error, “0x800f0982 – PSFX_E_MATCHING_COMPONENT_NOT_FOUND.”
- After installing Windows 11, some image editing programs may not accurately render colors on certain High Dynamic Range (HDR) displays.
Microsoft is working on the Windows 11 issues, but has yet to respond to the Hyper-V, ReFS, or domain controller issues. One of the best ways to see whether known issues might affect your target platform is to examine the configuration options for downloading patch data on the Microsoft Security Update Guide site or the summary page for this month’s security update.
Microsoft has not released any major revisions (or minor document changes) for the January patch release.
Mitigations and workarounds
Although there are no published mitigations or workarounds related to the January patches, we expect a response from Microsoft on the Server 2022 patch-related issues in the next few days.
Each month, we divide the update cycle into product families (as defined by Microsoft) with the following basic groups:
- Browsers (Microsoft IE and Edge);
- Microsoft Windows (both desktop and server);
- Microsoft Office;
- Microsoft Exchange;
- Microsoft Development Platforms (ASP.NET Core, .NET Core and Chakra Core);
- Adobe (Retired ???, maybe next year).
This month sees a mixed bag of updates for Microsoft browsers. Although we don’t get any patches for legacy browsers, Microsoft has released five specific updates for the Chromium version of Edge. In addition to these changes, the Chromium project has released 24 additional updates to the Chromium browser core. You can find out more about the Microsoft updates here, and the release notes for the Chromium project updates can be found here. Microsoft has published detailed information on the Microsoft Edge-specific issues (in its Security Update Guide), while Google refrains from publishing detailed security and vulnerability information until all patches have been released.
Add these Chrome (Edge and Chromium) updates to your regular update release schedule.
This is a significant update to the Windows platform, with seven updates rated critical and a hefty 80 patches rated important. There are several reported issues affecting (probably all) Windows domain controllers with this month’s server patches. If you see the following error message post-update, “The system process ‘C:\Windows\system32\lsass.exe’ terminated unexpectedly with status code -1073741819. The system will now shut down and restart,” you are not alone. There are also a significant number of reports that virtual machines do not start on newly updated Hyper-V servers.
In general, we recommend a critical testing cycle before the production release of Windows updates. However, this month’s update addresses CVE-2022-21907, “which is a particularly dangerous CVE because of the ability to allow an attacker to affect the entire intranet once the attack is successful,” said Danny Kim, chief architect at Virsec. The CVE is the latest example of how software capabilities can be distorted and manipulated; it targets the HTTP trailer support feature, which allows the sender to include additional fields in the message to supply metadata, by providing a specially designed message that can execute remote code.
Microsoft says this vulnerability is “wormable,” so we recommend that you add this month’s Windows update to your “Patch Now” schedule.
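A triage sketch for the lsass.exe restart message quoted above, added here as an example and not taken from Microsoft or the original article: it decodes the signed status code into its NTSTATUS value and flags repeated crashes as a probable boot loop. The tab-separated export format, the sample lines, and the three-crashes-in-15-minutes threshold are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: "timestamp<TAB>message" lines, as they might look after
# exporting a domain controller's System event log to text (assumed format).
SAMPLE = """\
2022-01-12T02:10:41\tThe system process 'C:\\Windows\\system32\\lsass.exe' terminated unexpectedly with status code -1073741819. The system will now shut down and restart.
2022-01-12T02:14:03\tThe system process 'C:\\Windows\\system32\\lsass.exe' terminated unexpectedly with status code -1073741819. The system will now shut down and restart.
2022-01-12T02:15:30\tThe Print Spooler service entered the running state.
2022-01-12T02:17:55\tThe system process 'C:\\Windows\\system32\\lsass.exe' terminated unexpectedly with status code -1073741819. The system will now shut down and restart.
"""

# The verb before "unexpectedly" is matched loosely to tolerate wording variants.
LSASS_RE = re.compile(r"lsass\.exe'?\s+\w+ unexpectedly with status code (-?\d+)", re.I)
NTSTATUS_NAMES = {0xC0000005: "STATUS_ACCESS_VIOLATION"}

def ntstatus(code):
    """Convert the signed decimal from the message to an unsigned 32-bit NTSTATUS."""
    value = code & 0xFFFFFFFF
    return value, NTSTATUS_NAMES.get(value, "unknown")

def lsass_crashes(text):
    """Return (timestamp, ntstatus_value, ntstatus_name) for each lsass.exe crash line."""
    out = []
    for line in text.splitlines():
        stamp, _, message = line.partition("\t")
        m = LSASS_RE.search(message)
        if m:
            out.append((datetime.fromisoformat(stamp), *ntstatus(int(m.group(1)))))
    return out

def is_boot_loop(crashes, threshold=3, window=timedelta(minutes=15)):
    """True if `threshold` crashes fall inside one `window` (both values are assumptions)."""
    times = sorted(c[0] for c in crashes)
    return any(times[i + threshold - 1] - times[i] <= window
               for i in range(len(times) - threshold + 1))

if __name__ == "__main__":
    crashes = lsass_crashes(SAMPLE)
    for when, value, name in crashes:
        print(f"{when.isoformat()} lsass.exe exit 0x{value:08X} ({name})")
    print("boot loop suspected:", is_boot_loop(crashes))
```

The status code -1073741819 is the signed form of 0xC0000005, an access violation inside the process.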
Windows Testing Guidelines
- Test your IME with both English and Asian language packs.
- Remote Desktop: The client must be able to connect to the RDP host and redirect to drives, audio, clipboard and printers.
- Test CLFS logs: (“CRUD”) Create a log, read from the log, and update the log.
- Networking: Send and receive large files to and from other nodes using IPv4 and IPv6.
- Test NTFS using short name related scenarios.
This month’s Windows patches included a major update to NTFS (without any functional changes); for more information and suggested test scenarios, refer to the Microsoft documentation on Transactional NTFS (TxF).
Microsoft has released four updates to the respected Office productivity suite (one rated critical, the other three important). The critical patch (CVE-2022-21840) addresses a remote code execution vulnerability in Microsoft core libraries which (thankfully) requires user interaction, as in the following scenario described by Microsoft: “In an email attack scenario, an attacker may exploit the risk by sending the user a specially crafted file.” So, this is 2022 and by clicking on an email, we can give it all away.
Microsoft has confirmed that these four patches fully address the issue, so please add this update to your standard Office patch release schedule.
Microsoft Exchange Server
There are three updates to the Microsoft Exchange Server platform this month. Two are rated important (CVE-2022-21969 and CVE-2022-21855); the focus should be on the critical patch, CVE-2022-21846. This vulnerability has a very high CVSS rating of 9.0. However, the risk of exploitation is greatly reduced due to the adjacent nature of the attack vectors of these vulnerabilities. To be successful, an attacker must be present on the network or be able to access nearby components on the target system (such as Bluetooth).
Microsoft has proposed the following test guidelines for these three patches, including:
- Test OWA scenarios with http and (secure) https URLs.
- Test new Exchange “Site Mailbox” creation(s).
Fortunately, the challenging configuration issues we’ve seen in past updates aren’t expected this month. So, “test before deployment” and add these Exchange updates to your standard server update schedule.
Microsoft development platforms
For this cycle, Microsoft released a single update (CVE-2022-21911), evaluated as critical, for its development platforms. This denial-of-service attack does not require user interaction or administrator privileges to succeed in compromising the target system. Microsoft has published an official solution to the issue, which could affect .NET COM servers and REGEX expressions. These components will require some testing before deploying this single .NET update. You may need to download these and future updates in a separate file for .NET 4.8 patches.
Microsoft has published a blog post on the .NET 4.8 release cadence and methods. Add this update to your regular patch release schedule.
Adobe (actually Reader only)
It’s back with a vengeance! While Adobe has published a number of vulnerabilities for its Adobe Reader (and Acrobat) products, I initially thought that a long list of memory-related issues would address the entire Adobe suite.
Adobe Reader has seen no fewer than 26 updates, 15 rated important, three important and another seven moderate. All versions are affected, and all currently supported platforms will require updates. You can read more about this (very) long list of updates here. Add these Adobe updates to your “Patch Now” schedule.
Copyright 2022 IDG Communications, Inc.