4 zero-day exploits add urgency to October’s Patch Tuesday



October brings 4 zero-day exploits and 74 updates to the Windows ecosystem, including a hard-to-test kernel update (CVE-2021-40449) that requires immediate attention and an Exchange Server update that requires technical skill and due diligence (and a reboot). The testing profile for the October Patch Tuesday covers Windows error handling, AppX, Hyper-V and Microsoft Word. We recommend a Patch Now schedule for Windows and then staging the remaining patch groups according to your normal release pattern.

You can find more information on the risk of deploying these Patch Tuesday updates in this infographic.

Key testing scenarios

There are no reported high-risk changes to the Windows platform. However, there is one reported functional change and an additional feature added:
As always, verify that printing performs as expected with physical printers and virtual printers. Verify there are no issues with printer drivers. We suggest an assessment of which printer driver software is still using 32-bit code for application management.
Test your non-English websites, looking for broken or uneven characters in Thai, Lao, Korean, and Arabic.
The Active Directory feature BanndIP has been updated. We suggest validating AD authorization for both active and passive network traffic. You can find out more here.
Microsoft has updated the media codec, so testing large image and video files should be part of the testing plan.
The STORPORT.SYS component was updated this month, so test applications that depend on this Windows feature.
I think it’s now safe to say that the Microsoft AppX format was not as widely adopted in the enterprise as expected. Even so, there were significant upgrades to Microsoft AppX containers and deployment tools included in this October update. If you have an enterprise Microsoft “store” for your applications, we recommend installing/uninstalling both your AppX applications and their associated runtimes.

On the subject of lesser-used Windows features, the Microsoft NTFS file system was updated to include a fix for symbolic links (helpful with UNIX migrations). If you are in the middle of a large UNIX migration, you may want to pause things a little and try out some large (and parallel) file transfers before deploying this update.

Known issues

Each month, Microsoft includes a list of known issues that relate to the operating system and platforms included in the update cycle. I’ve referenced a few key issues that relate to the latest builds from Microsoft, including:
Devices with Windows installations created from custom offline media or custom ISO images might have Microsoft Edge Legacy removed by this update, but not automatically replaced by the new Microsoft Edge. This issue is only encountered when custom offline media or ISO images are created by slipstreaming this update into the image without having first installed the standalone servicing stack update (SSU) released March 29, 2021 or later.
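
One way to enforce that ordering when servicing an offline image, as an added example that is not from Microsoft or the original article. The WIM path, image index, mount directory and both .msu file names are placeholders, and the script assumes an elevated PowerShell session with the DISM module available.

```powershell
# Added example. All paths, the image index and the .msu names are placeholders.
# Run from an elevated session; the DISM cmdlets need administrative rights.
$ErrorActionPreference = 'Stop'
$Wim      = 'C:\images\install.wim'
$Index    = 1
$MountDir = 'C:\mount'
$Ssu      = 'C:\updates\PLACEHOLDER-ssu.msu'   # standalone SSU, March 29, 2021 or later
$Lcu      = 'C:\updates\PLACEHOLDER-lcu.msu'   # the update being slipstreamed

foreach ($path in $Wim, $Ssu, $Lcu) {
    if (-not (Test-Path -LiteralPath $path)) { throw "Missing input: $path" }
}
New-Item -ItemType Directory -Path $MountDir -Force | Out-Null

Mount-WindowsImage -ImagePath $Wim -Index $Index -Path $MountDir | Out-Null
$save = $false
try {
    # Snapshot the package list so the report only shows what this run added.
    $before = @(Get-WindowsPackage -Path $MountDir | ForEach-Object PackageName)

    # Order matters: servicing stack first, then the update itself.
    Add-WindowsPackage -Path $MountDir -PackagePath $Ssu | Out-Null
    Add-WindowsPackage -Path $MountDir -PackagePath $Lcu | Out-Null

    $added = @(Get-WindowsPackage -Path $MountDir |
        Where-Object { $_.PackageName -notin $before })
    $added | Format-Table PackageName, PackageState -AutoSize | Out-String | Write-Host

    # Refuse to save an image where nothing changed or a package is half-applied.
    $failed = @($added | Where-Object {
        "$($_.PackageState)" -notin 'Installed', 'InstallPending' })
    if ($added.Count -eq 0 -or $failed.Count -gt 0) {
        throw 'No new packages, or a package did not apply cleanly; discarding image.'
    }
    $save = $true
}
finally {
    if ($save) { Dismount-WindowsImage -Path $MountDir -Save | Out-Null }
    else       { Dismount-WindowsImage -Path $MountDir -Discard | Out-Null }
}
```
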
Major revisions

At the time of writing this for this July update cycle, there were two major updates to previously released updates:
CVE-2021-38624: Windows Key Storage Provider Security Feature Bypass Vulnerability. This is Microsoft’s third attempt at patching this Windows key storage component, and unfortunately a major update was required. This month’s affected systems include Windows 11; Microsoft strongly recommended that immediate action be taken to update systems.
CVE-2021-33781: Azure AD Security Feature Bypass Vulnerability. Again, another third attempt to resolve this issue. However, for this Azure AD issue, these latest changes are more informational (correcting CVE titles and documentation) and include an updated affected system list to include Windows 11. No further action required here.
Mitigations and workarounds
CVE-2021-40444: Microsoft is investigating reports of a remote code execution vulnerability in MSHTML that affects Windows. The company is aware of targeted attacks that attempt to exploit this vulnerability by using specially-crafted Microsoft Office documents. An attacker could craft a malicious ActiveX control to be used by a Microsoft Office document that hosts the browser rendering engine.

Each month, we break down the update cycle into product families (as defined by Microsoft) with the following basic groupings:
Browsers (Microsoft IE and Edge);
Microsoft Windows (both desktop and server);
Microsoft Office;
Microsoft Exchange;
Microsoft Development platforms (ASP.NET Core, .NET Core and Chakra Core);
Adobe (retired???, not yet).
Browsers

Microsoft published 33 updates to the Chromium-based Edge browser this cycle. Given that Chromium does not integrate deeply into the desktop or server operating system, potential collisions or dependency issues are unlikely. You can find out more about the Chromium project’s update cycle and release notes here. However, one of the key components (IEFRAME.DLL) of Internet Explorer (IE) was updated this month. It is possible that third-party applications and in-house developed software may depend on this key library. For this particular update, it looks as if Microsoft has changed how browser tabs are handled, particularly how they are created. If you receive “Invalid Pointer Bad Ref Count” (or similar) errors in your testing, it may very well be related to this update to the core Internet Explorer system libraries (DLLs). Add both of these groups of browser updates to your regular update schedule.

Windows

This month, Microsoft published 4 critical updates for the Windows ecosystem and an additional 45 patches rated as important. Unfortunately, update CVE-2021-40449 for the Windows Kernel has been reported as exploited. This pairs a difficult-to-test, low-level update to Windows core systems with an urgency to mitigate or patch. We have included testing guidance in a section above that covers many of this month’s Windows changes. However, testing kernel updates is very tough. Test your core apps thoroughly, release your updates in rings or stages, and add this update to your Patch Now schedule.

Microsoft Office

Microsoft released 16 updates to Microsoft Office and Microsoft SharePoint, with one rated as critical (CVE-2021-40486) affecting Microsoft Word and the remaining patches affecting Excel and SharePoint. The Word security issue, while serious, has not been publicly disclosed and there are no reports of exploits in the wild.

Note: SharePoint will require a reboot after its update. We recommend adding these to your regular patch release schedule.

Microsoft Exchange Server

Unfortunately, Microsoft Exchange Server updates are back for October. There are 4 patches for Exchange Server (both 2016 and 2019), all rated as important. However, CVE-2021-36970 has a base rating of 9.0, according to the vulnerability rating system CVSS. This is really high (meaning serious) and normally would warrant a critical rating from Microsoft. However, due to the limitation of the “scope” of vulnerability, the potential damage is much reduced.

Microsoft has published updated documentation detailing a number of known issues relating to this month’s Exchange Server patches where a manual application of MSP files does not correctly install all of the necessary files. In addition, misapplying this update may leave your Exchange server in a disabled state. This issue applies to the following October updates:

This install issue is a particular concern when applying updates using User Account Control (UAC), and does not happen when you use Microsoft Update. Otherwise, note that this Exchange update will require a server reboot; we recommend adding this update to your regular update schedule.

Microsoft Development Platforms

Microsoft released three updates to Visual Studio and one patch for .NET 5.0 this month. All were rated as important by Microsoft and at worst could lead to information disclosure or “denial of service” (application specific and localized). The Visual Studio updates are very straightforward and should be included in your standard development release cycle.

Adobe (really just Reader)

Adobe released four updates to its core Reader product group with security bulletin APSB1221-104. Two of these updates (CWE-416 and CWE-787) are rated as critical by Adobe. While both of these have CVSS scores of 7.8 (which is pretty high for a PDF reader) they do not require an urgent update. Add these to your regular update schedule.

Copyright © 2021 IDG Communications, Inc.