Virtual Administrator’s February 2023 Patch Recommendations
This month Microsoft released patches for 75 vulnerabilities with 9 rated “Critical” in severity.
All patches will be approved in our patch policy.
This month brings 75 updates with 9 classified as critical. Three zero-day vulnerabilities (CVE-2023-21715,CVE-2023-21823,CVE-2023-23376) are patched.
- CVE-2023-21715 is a Microsoft Publisher Security Features Bypass Vulnerability.
- CVE-2023-21823 is being pushed by the Microsoft Store so make sure automatic updates are enabled.
- CVE-2023-23376 is an Elevation of Privilege vulnerability in the Windows Common Log File System Driver.
Internet Explorer is being removed this month by an Edge update. Updates for Windows 7/8.1 stopped this month. If you are running “Microsoft 365 on a computer running Windows 7 or Windows 8 and are configured for automatic updates, you’ll no longer receive updates for the Office apps, including feature, security, and other quality updates.” See “Heads Up” below. A few Microsoft Exchange vulnerabilities are also patched this month. New SSU for Windows Server 2012.
Known issue with Windows Server 2022 on VMware ESXi. Also KB5022845 for Windows 11 version 22H2 may not be installed from some WSUS servers. See “Known Issues” below.
Heads Up! Windows 7/8.1 no longer updated and IE removed with Edge update.
Internet Explorer 11 desktop app retirement FAQ
“All remaining consumer and commercial devices that were not already redirected from IE11 to Microsoft Edge were redirected with the Microsoft Edge update. Users will be unable to reverse the change,”
End of support for Windows 7 and Windows 8.1
https://www.microsoft.com/en-us/windows/end-of-support?r=1
What Windows end of support means for Office and Microsoft 365
FYI – Fix release for .NET Framework and .NET bug in December 2022 patch.
KB5022083 Change in how WPF-based applications render XPS documents
Disclosed: None
Exploited: CVE-2023-21715, CVE-2023-21823, CVE-2023-23376
Security Update Guide
https://portal.msrc.microsoft.com/en-us/security-guidance
Morphus Labs patch dashboard here: https://patchtuesdaydashboard.com
Microsoft Security Advisories
ADV990001 | Latest Servicing Stack Updates (Published:11/13/2018 | Last Updated:02/14/2023)
https://msrc.microsoft.com/update-guide/en-us/vulnerability/ADV990001
Reason for Revision: A Servicing Stack Update has been released for some versions of Windows.
NOTE: The Windows 10 Security Stack Updates are included in the monthly Cumulative Updates.
Known Issues
Windows Server 2022 on some versions of VMware ESXi may not boot. WSUS servers running Windows Server 2022 which have been upgraded from Windows Server 2016 may not patch Windows 11 version 22H2.
Microsoft continues to list unresolved older problems under the Known Issues for new patches. So if you have not yet experienced one of these issues it is unlikely it will occur now.
“VMs running Windows Server 2022 on some versions of VMware ESXi may not boot.”
Affects: Windows Server 2022
Symptom: After installing this update on guest virtual machines (VMs) running Windows Server 2022 on some versions of VMware ESXi, Windows Server 2022 might not start up. Only Windows Server 2022 VMs with Secure Boot enabled are affected by this issue. Affected versions of VMware ESXi are versions vSphere ESXi 7.0.x and below.
Workaround: Please see VMware’s documentation to mitigate this issue.
Microsoft and VMware are investigating this issue and will provide more information when it is available.
Virtual Machine with Windows Server 2022 KB5022842 (OS Build 20348.1547) configured with secure boot enabled not booting up (90947)
https://kb.vmware.com/s/article/90947
“Windows 11 version 22H2 may not be patched by some Windows Server Update Services (WSUS)”
Affects: Windows 11 version 22H2
Symptom: Updates released February 14, 2023 or later might not be offered from some Windows Server Update Services (WSUS) servers to Windows 11, version 22H2. The updates will download to the WSUS server but might not propagate further to client devices. Affected WSUS servers are only those running Windows Server 2022 which have been upgraded from Windows Server 2016 or Windows Server 2019. This issue is caused by the accidental removal of required Unified Update Platform (UUP) MIME types during the upgrade to Windows Server 2022 from a previous version of Windows Server. This issue might affect security updates or feature updates for Windows 11, version 22H2. Microsoft Configuration Manager is not affected by this issue.
Workaround: To mitigate this issue, please see Adding file types for Unified Update Platform on premises. (https://techcommunity.microsoft.com/t5/windows-it-pro-blog/adding-file-types-for-unified-update-platform-on-premises/ba-p/3620876)
We are working on a resolution and will provide an update in an upcoming release.
Good resource for known issues with Windows 10/11 patches. Find the version and click on “Known issues”.
Windows release health
https://docs.microsoft.com/en-us/windows/release-health/
Monthly Rollup/Security Only/Windows 10,11/Server 2016,2019,2022 KBs
Links are https://support.microsoft.com/en-us/help/####### with the KB number only.
Security and Quality Rollup
- KB5022872 – Windows Server 2008 R2 (ESU)
- KB5022899 – Windows Server 2012 R2
- KB5022903 – Windows Server 2012
- KB5022890 – Windows Server 2008 (ESU)
Security Only Update
- KB5022874 – Windows Server 2008 R2 (ESU)
- KB5022894 – Windows Server 2012 R2
- KB5022895 – Windows Server 2012
- KB5022893 – Windows Server 2008 (ESU)
Cumulative Updates
Windows 10
- KB5022858 – Original release version 1507 (OS Build 10240)
- KB5022838 – Version 1607 “Anniversary Update” (OS Build 14393)
- KB5022840 – Version 1809 “October 2018 Update” (OS Build 17763)
- KB5022834 – Version 20H2 “October 2020 Update” (OS Build 19042)
- KB5022834 – Version 21H2 “November 2021 Update” (OS Build 19044)
- KB5022834 – Version 22H2 “November 2022 Update” (OS Build 19045)
- (Versions 1511,1703,1709,1803,1903,2004 are no longer under support)
Windows 11
- KB5022836 – 21H2 (OS Build 22000) Original release
- KB5022845 – 22H2 (OS Build 22621)
Windows Server
- KB5022838 – Server 2016 (same KB as Windows 10 Version 1607)
- KB5022840 – Server 2019 (same KB as Windows 10 Version 1809)
- KB5022842 – Server 2022 (OS Build 20348)
February 2022 updates for Microsoft Office
Notable CVEs
CVE-2023-21715 | Microsoft Publisher Security Features Bypass Vulnerability (Office KB)
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21715
“An attacker who successfully exploited this vulnerability could bypass Office macro policies used to block untrusted or malicious files.”
CVE-2023-21716 | Microsoft Word Remote Code Execution Vulnerability (Office KB)
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21716
“An unauthenticated attacker could send a malicious e-mail containing an RTF payload that would allow them to gain access to execute commands within the application used to open the malicious file.”
CVE-2023-21823 | Windows Graphics Component Remote Code Execution Vulnerability (Microsoft Store)
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21823
“An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.”
CVE-2023-23376 | Windows Common Log File System Driver Elevation of Privilege Vulnerability (Cumulative Update/Monthly Rollup)
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23376
“An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.”
CVE-2023-21689/CVE-2023-21690/CVE-2023-21692 | Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability (Cumulative Update/Monthly Rollup)
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-21689
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-21690
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-21692
“The attacker for this vulnerability could target the server accounts in an arbitrary or remote code execution and attempt to trigger malicious code in the context of the server’s account through a network call. The attacker needs no privileges nor does the victim user need to perform and action.”
CVE-2023-21529/CVE-2023-21706/CVE-2023-21707/CVE-2023-21710 | Microsoft Exchange Server Remote Code Execution Vulnerability (KB5023038)
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-21529
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-21706
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-21707
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-21710
“The attacker for this vulnerability could target the server accounts in an arbitrary or remote code execution. As an authenticated user, the attacker could attempt to trigger malicious code in the context of the server’s account through a network call.”