Virtual Administrator’s October 2022 Patch Recommendations
This month Microsoft released patches for 85 vulnerabilities with 15 rated “Critical” in severity.
All patches will be approved in our patch policy.
A sizable number (15) of critical patches this month but the big news is what Microsoft did not patch.
Two new zero-day vulnerabilities (CVE-2022-41040 and CVE-2022-41082) in Microsoft Exchange Server were reported at the end of September. Known as “ProxyNotShell” Microsoft has added protections to Exchange Online but on-prem Exchange Server administrators should review their Customer Guidance (See “Heads Up” below).
CVE-2022-41033 patches a publicly exploited zero-day “elevation of privilege” bug in the Windows COM+ event service. CVE-2022-41043 is a publicly disclosed flaw in Office for Mac which could lead to data leakage.
Organizations running Kubernetes clusters on Azure should patch for an Elevation of Privilege vulnerability (CVE-2022-37968). There is a known issue with Windows Group Policy preferences. This was actually introduced last month but was late to be acknowledged by Microsoft.
SharePoint Server also has some new known issues with this month’s patches. See “Know Issues” below. One new standalone SSUs for Windows 8.1/Server 2012 R2.
FYI Windows 11 version 22H2 available through Windows Update.
Windows 11, version 22H2 known issues and notifications
Heads Up! Unpatched zero-day flaws affecting Microsoft Exchange Server 2013, 2016, and 2019 (CVE-2022-41040, CVE-2022-41082)
Exchange Online has detections and mitigation in place to protect customers. Administrators with on-prem Exchange servers should review the mitigations suggested in the security advisory
Customer Guidance for Reported Zero-day Vulnerabilities in Microsoft Exchange Server
Note: An attacker needs authenticated network access for successful exploitation.
Security Update Guide
Morphus Labs patch dashboard here: https://patchtuesdaydashboard.com
Microsoft Security Advisories
ADV990001 | Latest Servicing Stack Updates (Published:11/13/2018 | Last Updated:10/11/2022)
Reason for Revision: A Servicing Stack Update has been released for Windows 8.1/Server 2012 R2.
A couple known issues are listed below affecting all Windows systems and SharePoint Server.
Windows Group Policy Preferences
Affects all Windows versions
Copying files/shortcuts using Group Policy Preferences might not work as expected
Symptom: After installing this update, file copies using Group Policy Preferences might fail or might create empty shortcuts or files using 0 (zero) bytes. Known affected Group Policy Objects are related to files and shortcuts in User Configuration > Preferences > Windows Settings in Group Policy Editor.
Workaround: To mitigate this issue, you can do ONE of the following:
- Uncheck the “Run in logged-on user’s security context (user policy option)”. Note: This might not mitigate the issue for items using a wildcard (*).
- Within the affected Group Policy, change “Action” from “Replace” to “Update”.
- If a wildcard (*) is used in the location or destination, deleting the trailing “\” (backslash, without quotes) from the destination might allow the copy to be successful.
Status: We are working on a resolution and will provide an update in an upcoming release.
SharePoint 2010 workflows
Affects SharePoint Server (Foundation 2013/Enterprise Server 2016/Server 2019/SharePoint Server Subscription Edition)
SharePoint 2010 workflows might be blocked by enhanced security policy (KB5020238)
Symptoms: After you install the following October security updates for Microsoft SharePoint Server, some Microsoft SharePoint 2010 workflow scenarios might be blocked. Additionally, “6ksbk” event tags are logged in SharePoint Unified Logging System (ULS) logs.
Cause: To strengthen its security, SharePoint supports only UTF-8 encoding for the workflow .xoml file.
Workaround: To work around this issue, modify your workflow .xoml file to use UTF-8 encoding, and then redeploy it.
Good resource for known issues with Windows 10 patches. Find the version and click on “Known issues”.
Windows release health
Monthly Rollup/Security Only/Windows 10,11/Server 2016,2019,2022 KBs
Links are https://support.microsoft.com/en-us/help/####### with the KB number only.
Security and Quality Rollup
- KB5018454 – Windows 7, Windows Server 2008 R2 (ESU)
- KB5018474 – Windows 8.1, Windows Server 2012 R2
- KB5018457 – Windows Server 2012
- KB5018450 – Windows Server 2008 (ESU)
Security Only Update
- KB5018479 – Windows 7, Windows Server 2008 R2 (ESU)
- KB5018476 – Windows 8.1, Windows Server 2012 R2
- KB5018478 – Windows Server 2012
- KB5018446 – Windows Server 2008 (ESU)
- KB5018425 – Original release version 1507 (OS Build 10240)
- KB5018411 – Version 1607 “Anniversary Update” (OS Build 14393)
- KB5018419 – Version 1809 “October 2018 Update” (OS Build 17763)
- KB5018410 – Version 20H2 “October 2020 Update” (OS Build 19042)
- KB5018410 – Version 21H1 “May 2021 Update” (OS Build 19043)
- KB5018410 – Version 21H2 “November 2021 Update” (OS Build 19044)
(Versions 1511,1703,1709,1803,1903,2004 are no longer under support)
- KB5018418 – 21H2 (OS Build 22000) Original release
- KB5018418 – 22H2 (OS Build 22621)
- KB5018411 – Server 2016 (same KB as Windows 10 Version 1607)
- KB5018419 – Server 2019 (same KB as Windows 10 Version 1809)
- KB5018421 – Server 2022 (OS Build 20348)
October 2022 updates for Microsoft Office
CVE-2022-37968 | Azure Arc-enabled kubernetes cluster connect elevation of privilege vulnerability
– Microsoft has identified a vulnerability affecting the cluster connect feature of Azure Arc-enabled Kubernetes clusters. This vulnerability could allow an unauthenticated user to elevate their privileges and potentially gain administrative control over the Kubernetes cluster. Additionally, because Azure Stack Edge allows customers to deploy Kubernetes workloads on their devices via Azure Arc, Azure Stack Edge devices are also vulnerable to this vulnerability.
CVE-2022-37976 | Active Directory Certificate Services elevation of privilege vulnerability (Cumulative Update/Monthly Rollup)
– EoP vulnerability affecting Active Directory Certificate Services. An attacker who successfully exploited this vulnerability could gain domain administrator privileges.
CVE-2022-37979 | Windows Hyper-V Elevation of Privilege Vulnerability (Cumulative Update)
– An attacker on a Nested Hyper-V environment would gain Level 1 Hyper-V Windows Root OS privileges.
CVE-2022-38028 | Windows Print Spooler elevation of privilege vulnerability (Cumulative Update/Monthly Rollup)
– EoP vulnerability in Windows Print Spooler components. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges
CVE-2022-38053, CVE-2022-41036, CVE-2022-41037 and CVE-2022-41038 | Microsoft SharePoint Server remote code execution vulnerability (KB5002278,KB5002283,KB5002284,KB5002287,KB5002290)
– RCE vulnerabilities in Microsoft SharePoint Server. To exploit these vulnerabilities, a network-based attacker would need to be authenticated to the target SharePoint site with permission to use Manage Lists.
CVE-2022-41033 | Windows COM+ Event System Service elevation of privilege vulnerability (Cumulative Update/Monthly Rollup)
– EoP vulnerability in the Windows COM+ Event System Service. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges
CVE-2022-41043| Microsoft Office Information Disclosure Vulnerability (Office for Mac)
– The type of information that could be disclosed if an attacker successfully exploited this vulnerability is user tokens and other potentially sensitive information.