Install the Pro Office Setup Easy

Download and Install Microsoft Office pro easy and learn some tips on how to improve your productivity using microsoft office.

Patch Tuesday includes 6 Windows zero-day bugs; patch now!

Microsoft released a very targeted but still important update on Tuesday that addresses 68 reported vulnerabilities (some public). Unfortunately, this month brings a new record: six zero-days affecting Windows. As a result, we’ve added Windows and Exchange Server updates to our “Patch Now” schedule. Microsoft also published a “defense in depth” advisory (ADV220003) to protect Office deployments. And there are a small number of Visual Studio, Word, and Excel updates to add to your standard patch release schedule.

More information about the risks of deploying these Patch Tuesday updates can be found in our infographic.

Known issues
Each month, Microsoft includes a list of known issues related to the operating system and platforms included in this update cycle. There are two major issues reported with Windows 11, both related to deploying and updating Windows 22H2 machines:

[Further reading: 17 ways to speed up Windows 10]
Users upgrading to Windows 22H2 and the upgrade or out-of-the-box experience may not be able to complete successfully. Feature packs applied during initial setup are most likely to be affected. For more information, see Provisioning packages for Windows.
Network transfers of large files (several gigabytes) may take longer than expected to complete in the latest version of Windows 11. You have probably experienced this problem when copying files to Windows 11 22H2 from a network share via Server Message Block ( SMB) , but the local file copy can also be affected.
In addition to these issues, Microsoft SharePoint Server experienced two issues with the November and September updates:

The web service methods of website pages may be affected by the September 2022 security update. For more information, see KB5017733.
Some SharePoint 2010 workflow scenarios can be blocked. For more information, see KB5017760.

Important Versions
Technically speaking, Microsoft released eight hotfixes this month, all for the Chromium Edge browser. In practice, these “hotfixes” were standard updates for the Microsoft Edge browser and are included in our Browser section. No other previous patch versions or updates were released this month.

Mitigations and Workarounds
A single fix has been released for November Patch Tuesday:

CVE-2022-37976: Active Directory Certificate Services elevation of privilege vulnerability. A system is only vulnerable if both the Active Directory Certificate Services role and the Active Directory Domain Services role are installed on a server on the network. LegacyAuthenticationLevel Configuration: Win32 Applications | Microsoft Docs to 5=RPC_C_AUTHN_LEVEL_PKT_INTEGRITY could protect most processes on the machine against this attack. For more information, see the next section on configuring system-wide security with DCOMCNFG.
No other mitigations or workarounds have been released for Microsoft platforms.

Each month, the readiness team reviews patches applied to Windows, Microsoft Office, and related technology/development platforms. We analyze each update, the individual changes, and the potential impact on business environments. These test scenarios provide structured guidance on how to best implement Windows updates in your environment.

High risk: Microsoft has not reported any high risk functionality changes this month, meaning it has not updated or made major changes to core APIs, functionality, or any of the core components or applications included in the server and desktop ecosystems. Windows.

More generally, given the broad nature of this update (Office and Windows), we suggest testing the following Windows features and components:

Hyper-V upgrade – A simple test for starting and stopping virtual machines and isolated containers will suffice for this minor upgrade.
Microsoft PPTP VPN – Run your typical VPN scenarios (connect/disconnect/reboot) and try to simulate an outage. Contrary to previous recommendations, long trials are not necessary.
Microsoft Photo App – Make sure your RAW image extensions work as expected.
Microsoft ReFS and ExFat: A typical CRUD test (Create / Rename / Update / Delete) will be enough this month.
There were several updates this month on how Group Policy is implemented on Windows platforms. We recommend that you spend some time to ensure that the following features are working:

Creation/deployment and deletion of GPO policies.
Edit GPO policy, with a validation check to see if this updated policy has been applied to the entire OU.
Make sure all symlinks work as expected (redirections to user data).
And, with all the testing regimes required when making changes to Microsoft GPOs, remember to use the “gpupdate /force” command to ensure that all changes are committed to the target system.

Who uses the Windows Overlay Filter feature?

Systems engineers, that’s who. If you​​​​​​​​​​​​​​​​ have had to create client machines for large automated business deployments, you may need to work with the Windows Overlay Filter (WoF) driver for WIM boot files. WoF allows for significantly better compression ratios of setup files and was introduced in Windows 8. If you’re in the middle of a major client-side deployment effort this month, make sure your WIM files are still accessible after the November upgrade . If you​​​​​​are looking for more information about this important Windows implementation feature, check out this blog post on WoF data compression.

Unless otherwise specified, we assume that each Patch Tuesday update will require testing of key print features, including:

printing from directly connected printers;
large print jobs from servers (especially if they are also domain controllers);
print remotely (using RDP and VPN).
Each month we break the update cycle into product families (as defined by Microsoft) with the following basic groups:

Browsers (Microsoft IE and Edge);
Microsoft Windows (both desktop and server);
Microsoft office;
Microsoft Exchange Server;
Microsoft development platforms (ASP.NET Core, .NET Core, and Chakra Core);
Adobe (retired???, maybe next year).
browsers
Including last week’s Microsoft Edge (Chromium) mid-cycle update, there are 10 updates to the Chromium core and eight patches to Edge, for a total of 18 changes. For the 10 Chrome updates, you can check the Chrome security page for more details. You can find links to all Microsoft updates here: CVE-2022-3652, CVE-2022-3653, CVE-2022-3654, CVE-2022-3655, CVE-2022-3656, CVE-2022-3657, CVE-2022 – 3660, CVE-2022-3661. All 18 updates are low-profile, low-impact updates to the browser stack and can be added to your standard desktop update schedule.

Microsoft Windows
There’s good news and bad news for Windows this month. The bad news is that we have six zero days of Windows with publicly reported vulnerabilities and reported exploits in the wild. The good news is that only one of the vulnerabilities (which is great) is rated critical by Microsoft. This month’s update covers the following Windows features:

Windows Scripts (the Windows Script host or object);
Networks (especially how HTTPS is handled);
Windows Printing (the print queue, again);
ODBC (the least of our worries this month).
We are seeing some reports of problems this month with Kerberos. In response, Microsoft provided two knowledge base articles on how to handle the November changes:

How to manage Kerberos protocol changes related to CVE-2022-37967.
How to manage Netlogon protocol changes related to CVE-2022-38023.
Given the nature of these reported zero days and given the relatively narrow change profile this month, we recommend immediate patching for all Windows systems. Add these Windows updates to your “Patch Now” program, and this time we mean it.

Microsoft office
Microsoft released eight updates for the Office platform, which affect Word, Excel and SharePoint servers. There were no critical updates this month (no vulnerabilities in the preview panel), and Microsoft rated each patch as important. Additionally, Microsoft has released a “Defense In Depth” advisory (ADV220003) for Office. These Microsoft notifications include the following enhanced protection features:

Anti-Phishing Policy.
Improved filtering for connectors in Exchange Online.
Priority account protection.
Trusted ARC.
These properties deserve further investigation; You can read more about these and other preventive security measures here. Add these low-impact Microsoft Office updates to your standard release schedule.

Microsoft Exchange Server
Unfortunately, this month we have Microsoft Exchange Server updates on the list again. Microsoft released four updates; one (CVE-2022-41080) was rated critical and the other three were rated important. The Critical Elevation of Privilege vulnerability in Exchange is assessed on CVSS 8.8 and although we do not see any reported exploits, it is a serious problem with low complexity network access. Exchange administrators must patch their servers this weekend. Add this to your “Patch Now” startup schedule.

Microsoft development platforms
Microsoft has released four updates, all rated as important, for its Visual Studio platform. Both the Visual Studio and Sysmon tools are non-urgent, discrete updates to Microsoft’s discrete development tools. Add them to your regular developer patch schedule.

Adobe (really, just Reader)
There are no Adobe updates for November. Given the number of patches that have been released in the past month, this does not come as a surprise. We may see another major update from Adobe in December, given their normal update/release cadence.

Leave a Reply

Your email address will not be published. Required fields are marked *