Virtual Administrator’s August 2022 Patch Recommendations

patch-recommedation

This month Microsoft released patches for 121 vulnerabilities with 17 rated “Critical” in severity.

 

All patches will be approved in our patch policy.

 

More patches this month with a few known issues.

CVE-2022-34713 is the only actively exploited vulnerability so far. Dubbed “DogWalk” it’s a Microsoft Windows Support Diagnostic Tool (MSDT) vulnerability. Unpatched systems contain a path traversal weakness which could allow remote code execution.

CVE-2022-30133 and CVE-2022-35744 are Remote Code Execution (RCE) vulnerabilities in the Windows Point-to-Point Protocol affecting RAS servers and could be “wormable”.

Busy month for those managing local Exchange servers. In addition to the Exchange CVEs listed below Microsoft recommends enabling Extended Protection to be protected from these vulnerabilities – see Known Issues and Notable CVEs below.

There is another RCE flaw (CVE-2022-34715) in Windows Network File System. Microsoft 365 has a number of problems this month – see “Heads Up” below. Additionally Excel 2013 has problems opening network files with long file names – see Known Issues below.

One new SSUs for Windows 10 Version 1607/Server 2016.

 

Disclosed: CVE-2022-30134, CVE-2022-34713

Exploited: CVE-2022-34713

 

FYI Manual enablement of Windows Extended Protection

https://techcommunity.microsoft.com/t5/exchange-team-blog/released-august-2022-exchange-server-security-updates/ba-p/3593862

 

FYI Improvements to Secure Boot DBX for the supported Windows versions

KB5012170: Security update for Secure Boot DBX: August 9, 2022

https://support.microsoft.com/en-us/topic/kb5012170-security-update-for-secure-boot-dbx-august-9-2022-72ff5eed-25b4-47c7-be28-c42bd211bb15

 

Heads Up! Microsoft 365 update causing issues

Microsoft 365 version 2206 update pulled due to apps crashing

https://www.bleepingcomputer.com/news/microsoft/microsoft-365-version-2206-update-pulled-due-to-apps-crashing/

Microsoft shares workarounds for Outlook crashing after launch

https://www.bleepingcomputer.com/news/microsoft/microsoft-shares-workarounds-for-outlook-crashing-after-launch/

Update history for Microsoft 365 Apps (listed by date)

https://docs.microsoft.com/en-us/officeupdates/update-history-microsoft365-apps-by-date

 

Security Update Guide

https://portal.msrc.microsoft.com/en-us/security-guidance

 

Morphus Labs patch dashboard here: https://patchtuesdaydashboard.com

 

Microsoft Security Advisories

 

ADV990001 | Latest Servicing Stack Updates (Published:11/13/2018 | Last Updated:08/9/2022)

https://msrc.microsoft.com/update-guide/en-us/vulnerability/ADV990001

Reason for Revision: A Servicing Stack Update has been released for Windows 10 Version 1607/Server 2016 only

 

Known Issues

A couple known issues are listed below affecting Excel 2013 and the XPS Viewer in Windows 10/11.

 

“Excel 2013 issues with opening files on a network”

Description of the security update for Excel 2013: August 9, 2022 (KB5002242)

https://support.microsoft.com/en-us/topic/description-of-the-security-update-for-excel-2013-august-9-2022-kb5002242-ba736c29-885d-4d7c-a3fb-bf61242f4ce0

 

Symptom: After you install this update, you might encounter the following warning when you open Excel files from a network location if the file extension is correct:

The file format and extension of %FILENAME% don’t match. The file could be corrupted or unsafe. Unless you trust its source, don’t open it. Do you want to open it anyways?

Status: Microsoft is researching this issue and will update this article when a fix is available.

Workaround: Copy the affected files to the desktop, and then open them in Excel.

 

“XPS Viewer might be unable to open XML Paper Specification (XPS) documents”

Windows 10 version 20H2/21H1/21H2, Windows Server version 20H2, Windows 11

https://docs.microsoft.com/en-us/windows/release-health/status-windows-10-21h2

 

Symptom: After installing this update, XPS Viewer might be unable to open XML Paper Specification (XPS) documents in some non-English languages, including some Japanese and Chinese character encodings. This issue affects both XML Paper Specification (XPS) and Open XML Paper Specification (OXPS) files. When encountering this issue, you may receive an error, “This page cannot be displayed” within XPS Viewer or it might stop responding and have high CPU usage with continually increasing memory usage. When the error is encountered, if XPS Viewer is not closed it might reach up to 2.5GB of memory usage before closing unexpectedly.

Note: This issue does not affect most home users. The XPS Viewer is no longer installed by default as of Windows 10, version 1803 and must be manually installed.

Status: We are working on a resolution and will provide an update in an upcoming release.:

 

Good resource for known issues with Windows 10 patches. Find the version and click on “Known issues”.

Windows release health

https://docs.microsoft.com/en-us/windows/release-health/

 

Monthly Rollup/Security Only/Windows 10,11/Server 2016,2019,2022 KBs

Links are https://support.microsoft.com/en-us/help/####### with the KB number only.

 

 

Security and Quality Rollup

  • KB5016676 – Windows 7, Windows Server 2008 R2 (ESU)
  • KB5016681 – Windows 8.1, Windows Server 2012 R2
  • KB5016672 – Windows Server 2012
  • KB5016669 – Windows Server 2008 (ESU)

 

Security Only Update

  • KB5016679 – Windows 7, Windows Server 2008 R2 (ESU)
  • KB5016683 – Windows 8.1, Windows Server 2012 R2
  • KB5016684 – Windows Server 2012
  • KB5016686 – Windows Server 2008 (ESU)

 

Cumulative Updates

Windows 10

  • KB5016639 – Original release version 1507 (OS Build 10240)
  • KB5016622 – Version 1607 “Anniversary Update” (OS Build 14393)
  • KB5016623 – Version 1809 “October 2018 Update” (OS Build 17763)
  • KB5016616 – Version 20H2 “October 2020 Update” (OS Build 19042)
  • KB5016616 – Version 21H1 “May 2021 Update” (OS Build 19043)
  • KB5016616 – Version 21H2 “November 2021 Update” (OS Build 19044)
  • (Versions 1511,1703,1709,1803,1903,2004 are no longer under support)

 

Windows 11

  • KB5016629 – Original release (OS Build 22000)

 

Windows Server

  • KB5016622 – Server 2016 (same KB as Windows 10 Version 1607)
  • KB5016623 – Server 2019 (same KB as Windows 10 Version 1809)
  • KB5016627 – Server 2022 (OS Build 20348)

 

August 2022 updates for Microsoft Office

https://support.microsoft.com/en-gb/topic/august-2022-updates-for-microsoft-office-9746a7c8-0c3e-4f4f-85d4-7ee3b29c80db

 

Notable CVEs

 

CVE-2022-21980 / CVE-2022-24477 / CVE-2022-24516 | Microsoft Exchange Server Elevation of Privilege Vulnerability (KB5015321,KB5015322)

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21980

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24477

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24516

Vulnerable systems need to enable Extended Protection to prevent this attack.

 

CVE-2022-30133 / CVE-2022-35744 | Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability (Cumulative Update/Monthly Rollup)

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30133

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35744

An unauthenticated attacker could send a specially crafted connection request to a RAS server, which could lead to remote code execution (RCE) on the RAS server machine.

 

CVE-2022-30134 | Microsoft Exchange Information Disclosure Vulnerability (KB5015321,KB5015322)

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30134

Vulnerable systems need to enable Extended Protection to prevent this attack.

 

CVE-2022-34691 | Active Directory Domain Services Elevation of Privilege Vulnerability (Cumulative Update/Monthly Rollup)

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34691

An authenticated user could manipulate attributes on computer accounts they own or manage, and acquire a certificate from Active Directory Certificate Services that would allow elevation of privilege to System.

 

CVE-2022-34713 | Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability (Cumulative Update/Monthly Rollup)

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34713

Exploitation of this Remote Code Execution (RCE) vulnerability requires that a user open a specially crafted file.

 

CVE-2022-34715 | Windows Network File System Remote Code Execution Vulnerability (Cumulative Update)

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-34715

This vulnerability could be exploited over the network by making an unauthenticated, specially crafted call to a Network File System (NFS) service to trigger a Remote Code Execution (RCE).

 

CVE-2022-35804 | SMB Client and Server Remote Code Execution Vulnerability (Cumulative Update)

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35804

A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests. An attacker who successfully exploited the vulnerability could gain the ability to execute code on the target system.