Microsoft’s February Patch Tuesday replace offers with 76 vulnerabilities that have an effect on Home windows, Trade, Workplace, and Microsoft improvement instruments — and three Home windows vulnerabilities (CVE-2023-21823, CVE-2023-21715 and CVE-2023-23376) have been reported as exploited within the wild and require speedy consideration.

Although it will get a decrease score from Microsoft, the Trade points additionally warrant a fast response. In the meantime, the Microsoft Workplace and improvement platform updates could be added to your common launch schedule.

The workforce at Readiness has offered this infographic that outlines the dangers related to every of the updates on this month’s replace.

Recognized points

Microsoft features a listing of identified points that relate to the working system and platforms within the newest updates:

• XPS paperwork that make the most of structural or semantic parts like desk construction, storyboards, or hyperlinks could not show accurately in WPF-based readers. To deal with this situation, Microsoft offered a PowerShell script the place you possibly can run the command: .kb5022083-compat.ps1 -Set up. This command provides the next registry key: “HKLMSOFTWAREMicrosoft.NETFrameworkWindows Presentation FoundationXPSAllowedTypes” /v “DisableDec2022Patch” /t REG_SZ /d “*” /reg:64
• Copying massive multiple-gigabyte recordsdata may take longer than anticipated to complete in Home windows 11 model 22H2. You usually tend to expertise this situation copying recordsdata from a community share by way of Server Message Block (SMB), however native file copy may additionally be affected.

In case you are nonetheless utilizing Microsoft’s Home windows Server 2012 for area authentication, chances are you’ll expertise the next identified situation: area be a part of operations could be unsuccessful and error “0xaac (2732): NERR_AccountReuseBlockedByPolicy” happens. Moreover, textual content saying, “An account with the identical identify exists in Lively Listing. Re-using the account was blocked by safety coverage” could be displayed. Microsoft has offered extra steering (KB5020276) on managing this situation as a part of the ESU program.

Main revisions

Microsoft revealed three main revisions this month:

• CVE-2023-21705 and CVE-2023-21713: Microsoft SQL Server Distant Code Execution Vulnerability. These revisions prolong help for legacy (ESU) SQL merchandise. No additional motion required.
• CVE-2023-21721: Microsoft OneNote Elevation of Privilege Vulnerability. It is a minor informational change — no motion obligatory.

Mitigations and workarounds

Microsoft has revealed the next vulnerability-related mitigations for this launch:

• CVE-2023-21804: Home windows Graphics Part Elevation of Privilege Vulnerability. Solely Home windows computer systems which have the XPS doc author characteristic put in are weak. In Home windows 10, the XPS Doc Author is put in by default; in Home windows 11, it’s not.
• CVE-2023-21803: Home windows iSCSI Discovery Service Distant Code Execution Vulnerability. By default, the iSCSI Initiator consumer software is disabled and can’t be exploited. For a system to be weak, the iSCSI Initiator consumer software would should be enabled.
• CVE-2023-21713, CVE2023-21705: Microsoft SQL Server Distant Code Execution Vulnerability. That is solely exploitable if this non-obligatory characteristic is enabled and working on a SQL occasion. (The characteristic will not be accessible in Azure SQL cases.)
• CVE-2023-21692, CVE-2023-21690 and CVE-2023-21689: Microsoft Protected Extensible Authentication Protocol (PEAP) Distant Code Execution. PEAP is barely negotiated with the consumer if NPS is working on the Home windows Server and has a community coverage configured that permits PEAP vulnerability. Be taught extra about configuring Microsoft PEAP right here.

Testing steering 

Every month, the workforce at Readiness analyses the newest Patch Tuesday updates and supplies detailed, actionable testing steering. That is based mostly on assessing a big software portfolio and an in depth evaluation of the Microsoft patches and their potential affect on Home windows and software installations.

Given the big variety of adjustments included this month, I’ve damaged down the testing situations into high-risk and standard-risk teams:

Excessive Danger

As all of the high-risk adjustments have an effect on the Home windows printing subsystem once more this month, we’ve not seen any revealed performance adjustments. We strongly suggest the next printing targeted testing:

• The Microsoft “MS Writer Imagesetter” has been up to date considerably. These are built-in drivers that at the moment are over a decade outdated. There have been studies of unhealthy printing high quality from utilizing these drivers, so an replace was undoubtedly wanted.
• Take a look at printing utilizing V3 printer drivers with each coloration and black/white. Verify for lacking content material.
• There’s been an replace to how Home windows handles URLs, particularly when printing. A fast run-through of opening internet pages that reference Microsoft Phrase, PowerPoint, and Excel after which exercising a easy print job ought to spotlight any points.

All these situations would require important application-level testing earlier than a basic deployment of the replace. As well as, we propose a basic take a look at of the next printing options:

• 32-bit purposes that require printing on 64-bit gadgets require testing. Take note of software exit as this will generate reminiscence associated errors.
• Take a look at your backup programs and be sure that your error and associated system logs seem right.
• Take a look at your VPN connections if you’re utilizing the PEAP protocol. This protocol adjustments steadily, we suggest that you simply subscribe to the Microsoft RSS feed for future adjustments.
• Take a look at your ODBC connections, database, and SQL instructions.

Although you will not must conduct massive file switch testing this month, we extremely suggest testing (very) lengthy UNC paths from totally different machines. Our focus was on community paths accessing a number of machines throughout totally different variations of Home windows. Along with these situations, Microsoft up to date the system kernel and core graphics parts (GDI). Positively “smoke take a look at” your core or line-of-business apps and take note of graphics-intensive purposes.

Given the fast adjustments and frequent updates to purposes (and their dependencies) in a contemporary software portfolio, be sure that your programs are “cleanly” uninstalling earlier software variations. Leaving legacy purposes or remnant parts may expose your system to patched vulnerabilities.

Home windows lifecycle replace

This part incorporates essential adjustments to servicing (and most safety updates) to Home windows desktop and server platforms. With Home windows 10 21H2 now out of mainstream help, the next Microsoft purposes will attain finish of mainstream help or servicing in 2023:

• Visio Providers in SharePoint (in Microsoft 365) — Feb. 10, 2023 (retired);
• Microsoft Endpoint Configuration Supervisor, Model 2107 — Feb 2, 2023 (finish of service).

Every month, we break down the replace cycle into product households (as outlined by Microsoft) with the next primary groupings:

• Browsers (Microsoft IE and Edge).
• Microsoft Home windows (each desktop and server).
• Microsoft Workplace.
• Microsoft Trade Server.
• Microsoft Improvement platforms ( ASP.NET Core, .NET Core and Chakra Core).
• Adobe (retired???, perhaps subsequent yr).

Browsers

Microsoft launched three updates to its (Chromium) Edge browser: CVE-2023-21794, CVE-2023-23374 and CVE-2023-21720 . You will discover Microsoft’s model of these launch notes right here and the Google Desktop channel launch notes right here. There have been no different updates to Microsoft browser (or rendering engines) this month. Add these updates to your commonplace patch launch schedule.

Home windows

Microsoft launched 4 crucial updates and 32 “essential” patches to the Home windows platform that cowl the next key parts:

• Microsoft PostScript Printer Driver (with updates to FAX and SCAN);
• Home windows ODBC, OLE, WDAC Driver;
• Home windows Widespread Log File System Driver;
• and Home windows Cryptographic Providers and Kerberos.

Whereas the Microsoft PEAP authentication distant code vulnerabilities (CVE-2023-21689 and CVE2023-21690) are probably the most worrisome, the remaining updates that solely have an effect on Home windows usually are not as harmful as we have seen prior to now. Sadly, three Home windows vulnerabilities (CVE-2023-21823, CVE-2023-21715 and CVE-2023-23376) have been reported as exploited within the wild. As a consequence, add this replace to your “Patch Now” launch schedule.

Microsoft Workplace

Microsoft launched a patch addressing a crucial vulnerability (CVE-2023-21706) in Microsoft Phrase that might result in distant code execution. There are 5 different updates for the Workplace platform (together with SharePoint), all rated essential. We’ve got not had any studies of exploits within the wild for the crucial Phrase situation, so we suggest that you simply add these Workplace updates to your standard-release schedule.

Microsoft Trade Server

We’re going to have to interrupt some guidelines this month. Microsoft has launched 4 patches to Microsoft Trade Server (CVE-2023-21706, CVE-2023-21707, CVE-2023-21529, CVE-2023-21710) all of that are rated essential. Sadly, CVE-2023-21529 may result in distant code execution and actually could possibly be classed as a crucial vulnerability.

This vulnerability doesn’t require person interplay, is accessible by way of distant programs and doesn’t require native privileges on the native system. All supported variations of Trade are weak. We’re seeing studies of Trade crypto-mining assaults already. We’re going to add CVE-2023-21529 to our “Patch Now” schedule.

Microsoft improvement platforms

Microsoft launched three crucial updates affecting Visible Studio and .NET (CVE-2023-21808, CVE-2023-21815 and CVE-2023-23381) that might result in arbitrary code execution. On preliminary examination, it seems that these had been distant accessible, considerably elevating the dangers, however these developer-related vulnerabilities all require native entry. Coupled with 5 different elevation of privilege vulnerabilities additionally affecting Microsoft Visible Studio (all rated essential) as effectively, we do not see an pressing patch requirement. Add these updates to your commonplace developer launch schedule.

Adobe Reader (nonetheless right here, however simply not this month)

No updates from Adobe for Reader or Acrobat this month. That stated, Adobe has launched various safety updates for its different merchandise with APSB23-02. I feel that we’ve sufficient printing and a few Microsoft XPS points to check and deploy to maintain us busy.