June’s Patch Tuesday updates, released on June 14, address 55 vulnerabilities in Windows, SQL Server, Microsoft Office, and Visual Studio (though there are no Microsoft Exchange Server or Adobe updates this month). And a zero-day vulnerability in a key Windows component, CVE-2022-30190, led to a “Patch Now” recommendation for Windows, while the .NET, Office and SQL Server updates can be included in a standard release schedule.
You can find more information on the risk of deploying these Patch Tuesday updates in this infographic.
Key testing scenarios
Given the large number of changes included in this June patch cycle, I’ve broken out the testing scenarios for high-risk and standard-risk groups.
These high-risk changes are likely to include functionality changes, may deprecate existing functions, and will likely require new testing plans. Test your signed drivers using physical and virtual machines (BIOS and UEFI) and across all platforms (x86, 64-bit):
- Run applications that have binaries (.EXE and .DLL) that are signed and unsigned.
- Run drivers that are signed and unsigned. Unsigned drivers should not load. Signed drivers should load.
- Use SHA-1 signed versus SHA-2 signed drivers.
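To build the signed/unsigned and SHA-1/SHA-2 test matrix above, the following PowerShell sketch inventories drivers and binaries by signature state. It is an added example, not part of the original article; the function name, bucket labels and the scanned folder are assumptions, and the signer certificate's signature algorithm is used as a proxy for how the file was signed.

```powershell
# Added example: bucket binaries and drivers by Authenticode state for the test matrix.
# CertAlgorithm is the signature algorithm of the signer's certificate (for example
# sha1RSA or sha256RSA); it is used here as a proxy for SHA-1 versus SHA-2 signing.
function Get-SignatureInventory {
    param(
        [Parameter(Mandatory)][string]$Path,
        [string[]]$Include = @('*.sys', '*.exe', '*.dll')
    )

    Get-ChildItem -Path $Path -Include $Include -Recurse -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName
            $alg = if ($sig.SignerCertificate) {
                $sig.SignerCertificate.SignatureAlgorithm.FriendlyName
            } else { $null }

            # Classify each file into one of the groups the test plan asks for.
            $bucket = if ($sig.Status -eq 'NotSigned') {
                'Unsigned'
            } elseif ($sig.Status -ne 'Valid') {
                "Signed but not valid ($($sig.Status))"
            } elseif ($alg -like 'sha1*') {
                'Signed, SHA-1 certificate'
            } elseif ($alg -match '^sha(256|384|512)') {
                'Signed, SHA-2 certificate'
            } else {
                "Signed, other ($alg)"
            }

            [pscustomobject]@{
                File          = $_.FullName
                Status        = $sig.Status
                CertAlgorithm = $alg
                Bucket        = $bucket
            }
        }
}

# Assumed target: the local driver folder. Point -Path at application folders as well.
$report = Get-SignatureInventory -Path "$env:SystemRoot\System32\drivers"

# Summary per bucket, then the files that need a closer look before and after patching.
$report | Group-Object Bucket | Sort-Object Count -Descending | Select-Object Count, Name
$report | Where-Object Bucket -ne 'Signed, SHA-2 certificate' |
    Format-Table File, Status, CertAlgorithm -AutoSize
```

Run it on a reference machine before and after the update and compare the two reports; the files outside the SHA-2 bucket are the ones to exercise in the load tests.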
Each of these high-risk test cycles must include a manual shut-down, reboot, and restart. The following changes are not documented as including functional changes, but will still require at least “smoke testing” before general deployment:
- Test remote Credential Guard scenarios. (These tests will require Kerberos authentication, and can only be used with the RDP protocol.)
- Test your Hyper-V servers and start/stop/resume your Virtual Machines (VM).
- Perform shadow copy operations using VSS-aware backup applications in a remote VSS deployment over SMB.
- Test deploy sample applications using AADJ and Intune. Ensure that you deploy and revoke access as part of your test cycle.
In addition to these standard testing guidelines, we recommend that all core applications undergo a testing regime that includes self-repair, uninstall, and update. This is due to the changes to Windows Installer (MSI) this month. Not enough IT departments test the update, repair, and uninstall functions of their application portfolio. It’s good to challenge each application package as part of the Quality Assurance (QA) process that includes the key application lifecycle stages of installation, activation, update, repair, and then uninstall.
Not testing these stages could leave IT systems in an undesirable state — at the very least, it will be an unknown state.
Known issues
Each month, Microsoft includes a list of known issues that relate to the operating system and platforms affected this cycle. This month, there are some complex changes to consider, including:
- After installing this June update, Windows devices that use certain GPUs might cause applications to close unexpectedly or cause intermittent issues. Microsoft has published KB articles for Windows 11 (KB5013943) and Windows 10, version 21H2, all editions (KB5013942). No resolutions for these reported issues yet.
- After installing this month’s update, some .NET Framework 3.5 apps might have issues or fail to open. Microsoft said you can mitigate this issue by re-enabling .NET Framework 3.5 and the Windows Communication Foundation in Windows Features.
As you may be aware, Microsoft published an out-of-band update (OOB) last month (on May 19). This update affected the following core Windows Server based networking features:
The security vulnerabilities addressed by this OOB update only affect servers operating as domain controllers and application servers that authenticate to domain controller servers. Desktop platforms are not affected. Due to this earlier patch, Microsoft has recommended that this June’s update be installed first on all intermediate or application servers that pass authentication certificates from authenticated clients to the domain controller (DC). Then install this update on all DC role computers. Or pre-populate CertificateMappingMethods to 0x1F as documented in the registry key information section of KB5014754 on all DCs. Delete the CertificateMappingMethods registry setting only after the June 14 update has been installed on all intermediate or application servers and all DCs.
Did you get that? I must note, with a certain sense of irony, that the most detailed, order-specific set of instructions that Microsoft has ever published (ever) is buried deep, mid-way through a very long technical article. I hope everyone is paying attention.
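The ordering described above can be turned into a gate that is run against a server inventory before each deployment wave. This PowerShell sketch is an added example, not Microsoft's tooling or part of the original article; the inventory, host names, property names and action strings are constructed for illustration.

```powershell
# Constructed inventory: JuneUpdate = June 14 update installed,
# MappingMethods = current CertificateMappingMethods value on the host ($null if absent).
$inventory = @(
    [pscustomobject]@{ Name = 'APP01'; Role = 'Intermediate'; JuneUpdate = $true;  MappingMethods = $null }
    [pscustomobject]@{ Name = 'WEB02'; Role = 'Intermediate'; JuneUpdate = $false; MappingMethods = $null }
    [pscustomobject]@{ Name = 'DC01';  Role = 'DC';           JuneUpdate = $true;  MappingMethods = 0x1F }
    [pscustomobject]@{ Name = 'DC02';  Role = 'DC';           JuneUpdate = $false; MappingMethods = 0x1F }
)

function Get-RolloutAction {
    param([Parameter(Mandatory)][object[]]$Inventory)

    $unpatched = @($Inventory | Where-Object { -not $_.JuneUpdate })
    $intermediatePending = @($unpatched | Where-Object { $_.Role -ne 'DC' }).Count -gt 0
    # The alternative path only applies when every DC already carries 0x1F.
    $dcsMissingValue = @($Inventory | Where-Object { $_.Role -eq 'DC' -and $_.MappingMethods -ne 0x1F })
    $allDcsPrePopulated = $dcsMissingValue.Count -eq 0

    foreach ($h in $Inventory) {
        $action = if ($h.Role -ne 'DC') {
            # Intermediate and application servers go first.
            if ($h.JuneUpdate) { 'Done' } else { 'Install June update' }
        } elseif (-not $h.JuneUpdate) {
            # A DC is patched after the intermediates, or once all DCs hold 0x1F.
            if (-not $intermediatePending -or $allDcsPrePopulated) { 'Install June update' }
            else { 'Hold: patch intermediate servers first, or pre-populate 0x1F on all DCs' }
        } elseif ($null -ne $h.MappingMethods) {
            # The setting is removed only when nothing in scope is left unpatched.
            if ($unpatched.Count -eq 0) { 'Delete CertificateMappingMethods' }
            else { 'Keep CertificateMappingMethods until every server is patched' }
        } else {
            'Done'
        }
        [pscustomobject]@{ Name = $h.Name; Role = $h.Role; Action = $action }
    }
}

Get-RolloutAction -Inventory $inventory | Format-Table -AutoSize
```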
Major revisions
Though we have fewer “new” patches released this month, there are a lot of updated and newly released patches from previous months, including:
- CVE-2021-26414: Windows DCOM Server Security Feature Bypass. After this month’s updates are installed, RPC_C_AUTHN_LEVEL_PKT_INTEGRITY on DCOM servers will be enabled by default. Customers who need to do so can still disable it by using the RequireIntegrityActivationAuthenticationLevel registry key. Microsoft has published KB5004442 to help with the configuration changes required.
- CVE-2022-23267: .NET and Visual Studio Denial of Service Vulnerability. This is a minor update to affected applications (now affecting the Mac platform). No further action required.
- CVE-2022-24513: Visual Studio Elevation of Privilege Vulnerability. This is a minor update to the list of affected applications (now affecting the Mac platform). No further action required.
- CVE-2022-24527: Microsoft Endpoint Configuration Manager Elevation of Privilege. This major update to this patch is a bit of a mess. This patch was mistakenly allocated to the Windows security update group. Microsoft has removed this Endpoint manager from the Windows group and has provided the following options to access and install this hot-fix:
  - Upgrade to Configuration Manager current branch, version 2203 (Build 5.00.9078), which is available as an in-console update. See Checklist for installing update 2203 for Configuration Manager for more information.
  - Apply the hotfix. Customers running Microsoft Endpoint Configuration Manager, versions 1910 through versions 2111 who are not able to install Configuration Manager Update 2203 (Build 5.00.9078) can download and install hot-fix KB12819689.
- CVE-2022-26832: .NET Framework Denial of Service Vulnerability. This update now includes coverage for the following affected platforms: Windows 10 version 1607, Windows Server 2016, and Windows Server 2016 (Server Core installation). No further action required.
- CVE-2022-30190: Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability. This patch is personal — we were affected by this issue with massive server performance spikes. If you are having problems with MSDT, you need to read the MSRC blog post, which includes detailed instructions on updates and mitigations. To resolve our issues, we had to disable the MSDT URL protocol, which has its own problems.
I think that we can safely work through the Visual Studio updates, and the Endpoint Configuration Manager changes will take some time to implement, but both changes do not have significant testing profiles. DCOM changes are different — they are tough to test and generally require a business owner to validate not just the installation/instantiation of the DCOM objects, but the business logic and the desired outcomes. Ensure that you have a full list of all applications that have DCOM dependencies and run through a business logic test, or you may have some unpleasant surprises — with very difficult-to-debug troubleshooting scenarios.
Mitigations and workarounds
For this Patch Tuesday, Microsoft published one key mitigation for a serious Windows vulnerability:
- CVE-2022-30136: Windows Network File System Remote Code Execution Vulnerability. This is the first time I’ve seen this, but for this mitigation, Microsoft strongly recommends you install the May 2022 update first. Once done, you can reduce your attack surface area by disabling NFSV4.1 with the following PowerShell command: “PS C:\> Set-NfsServerConfiguration -EnableNFSV4 $false”
Making this change will require a restart of the target server.
Each month, we break down the update cycle into product families (as defined by Microsoft) with the following basic groupings:
- Browsers (Microsoft IE and Edge);
- Microsoft Windows (both desktop and server);
- Microsoft Office;
- Microsoft Exchange;
- Microsoft Development platforms (ASP.NET Core, .NET Core and Chakra Core);
- Adobe (retired???, maybe next year).
Browsers
We’re seeing a welcome trend of fewer and fewer critical updates to the entire Microsoft browser portfolio. For this cycle, Microsoft has released five updates to the Chromium version of Edge. They are all low risk to deploy and resolve the following reported vulnerabilities:
A key factor in this downward trend of browser-related security issues is the decline and now retirement of Internet Explorer (IE). IE is officially no longer supported as of this July. The future of Microsoft’s browsers is Edge, according to Microsoft. Microsoft has provided us with a video overview of Internet Explorer’s retirement. Add these Chromium/Edge browser updates to your standard application release schedule.
Windows
With 33 of this month’s 55 Patch Tuesday updates, the Windows platform is the primary focus — especially given the low-risk, low-profile updates to Microsoft Browsers, Office, and development platforms (.NET). The Windows updates cover a broad base of functionality, including: NTFS, Windows networking, the codecs (media) libraries, and the Hyper-V and docker components. As mentioned earlier, the most difficult to test and troubleshoot will be the kernel updates and the local security sub-system (LSASS). Microsoft recommends a ring-based deployment approach, which will work well for this month’s updates, primarily due to the number of core infrastructural changes that should be picked up in early testing. (Microsoft has published another video about the changes this month to the Windows 11 platform, found here.)
Microsoft has fixed the widely-exploited Windows Follina MSDT zero-day vulnerability reported as CVE-2022-30190, which given the other three critical updates (CVE-2022-30136, CVE-2022-3063 and CVE-2020-30139) leads to a “Patch Now” recommendation.
Microsoft Office
Microsoft released seven updates to the Microsoft Office platform (SharePoint, Excel, and the Office Core foundation library), all of them rated important. The SharePoint server updates are relatively low risk, but will require a server reboot. We were initially worried about the RCE vulnerability in Excel, but on review it appears that the “remote” in Remote Code Execution refers to the attacker location. This Excel vulnerability is more of an Arbitrary Code Execution vulnerability; given that it requires user interaction and access to a local target system, it is a much-reduced risk. Add these low-profile Office updates to your standard patch deployment schedule.
Microsoft Exchange Server
We have a SQL Server update this month, but no Microsoft Exchange Server updates for June. This is good news.
Microsoft development platforms
Microsoft has released a single, relatively low-risk (CVE-2022-30184) update to the .NET and Visual Studio platform. If you are using a Mac (I love the Mac version of Code), Microsoft recommends that you update to Mac Visual Studio 2022 (still in preview) as soon as possible. As of July (yes, next month) the Mac version of Visual Studio 2019 will no longer be supported. And yes, losing patch support in the same month as the next version is released is tight. Add this single .NET update to your standard development patch release schedule.
Adobe (really, just Reader)
There are no Adobe Reader or Acrobat updates for this cycle. Adobe has released a security bulletin for their other (non-Acrobat or PDF related) applications — all of which are rated at the lowest level 3 by Adobe. There will be plenty of work with printers in the coming weeks, so this is a welcome relief.
Copyright © 2022 IDG Communications, Inc.