PHL Tech Magazine

Post: Four zero-days make July’s Patch Tuesday a ‘patch now’ update

coder_prem


With this month’s Patch Tuesday update, Microsoft addressed 130 security vulnerabilities, published two advisories, and included four major CVE revisions. We also have four zero-days to manage for Windows (CVE-2023-32046, CVE-2023-32049, CVE-2023-36874 and CVE-2023-36884), bringing the Windows platform into a “patch now” schedule.

It should be easier to focus on Microsoft Office and Windows testing this month, as we do not have any Adobe, Exchange, or browser updates. Be sure to carefully review Microsoft’s Storm 0978 as it provides specific, actionable guidance on managing the serious HTML vulnerability in Microsoft Office (CVE-2022-38023).

The Readiness team has crafted this helpful infographic to outline the risks associated with each of the updates.

Known issues

Each month, Microsoft lists known issues that relate to the operating system and platforms included in the latest update cycle.

  • After installing this update on guest virtual machines (VMs) running Windows Server 2022 on some versions of VMware ESXi, Windows Server 2022 might not start up. Only Windows Server 2022 VMs with Secure Boot enabled are affected. Microsoft and VMware are investigating the problem and will offer more information when it’s available.
  • Using provisioning packages on Windows 11, version 22H2 might not work as expected. Windows might only be partially configured, and the out-of-box experience might not finish or might restart unexpectedly.

Major revisions

Microsoft has published two major revisions:

  • CVE-2022-37967: Windows Kerberos Elevation of Privilege Vulnerability (4th update). This update removes the ability to set value 1 for the KrbtgtFullPacSignature subkey and enables Enforcement mode by default (KrbtgtFullPacSignature = 3), which an Administrator can override with an explicit Audit setting. No further action is required if you apply this month’s update.
  • CVE-2022-38023: Netlogon RPC Elevation of Privilege Vulnerability. The (previous) April 2023 updates remove the ability to disable RPC sealing by setting value 0 to the RequireSeal registry subkey.
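A read-only check of the two registry values named in the revisions above, added here as an example; it is not from the article or from Microsoft. The registry paths and the function name `Test-HardeningValue` are assumptions: the paths follow Microsoft's published guidance for these CVEs and do not appear on this page. Run it on a domain controller.

```powershell
# Added example. Reports how each hardening value is configured; changes nothing.
function Test-HardeningValue {
    param(
        [string]$Cve,
        [string]$Path,            # assumed registry path (not stated on the page)
        [string]$Name,            # value name as given in the article
        [int[]]$RemovedValues,    # settings the article says can no longer be set
        [object]$EnforcedValue    # value the article names as Enforcement, if any
    )
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        $value = $null
        $state = 'Not set: the update default applies'
    } else {
        $value = [int]$item.$Name
        if ($RemovedValues -contains $value) {
            # A leftover from an earlier rollout phase that the update no longer accepts.
            $state = 'Stale: this setting was removed, clean it up'
        } elseif ($null -ne $EnforcedValue -and $value -eq [int]$EnforcedValue) {
            $state = 'Enforcement'
        } else {
            # For example, an explicit Audit override set by an administrator.
            $state = 'Explicitly set: confirm it is intended and documented'
        }
    }
    [pscustomobject]@{ CVE = $Cve; Name = $Name; Value = $value; State = $state }
}

$results = @(
    # CVE-2022-37967: value 1 removed, 3 = Enforcement (default).
    Test-HardeningValue -Cve 'CVE-2022-37967' -Name 'KrbtgtFullPacSignature' `
        -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\Kdc' `
        -RemovedValues 1 -EnforcedValue 3

    # CVE-2022-38023: value 0 (RPC sealing disabled) removed.
    Test-HardeningValue -Cve 'CVE-2022-38023' -Name 'RequireSeal' `
        -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters' `
        -RemovedValues 0 -EnforcedValue $null
)

$results | Format-Table -AutoSize
```

A "Stale" or "Explicitly set" row is worth tracking in change management, since it marks a host where someone deviated from the defaults during the phased rollout.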

Mitigations and workarounds

Microsoft published the following vulnerability-related mitigations for this release:

Copyright © 2023 IDG Communications, Inc.
