October brings 4 zero-day exploits and 74 updates to the Home windows ecosystem, together with a hard-to-test kernel replace (CVE-2021-40449) that requires speedy consideration and an Alternate Server replace that requires technical talent and due diligence (and a reboot). The testing profile for the October Patch Tuesday covers Home windows error dealing with, AppX, Hyper-V and Microsoft Phrase. We suggest a Patch Now schedule for Home windows after which staging the remaining patch teams in keeping with your regular launch sample.

You’ll find extra data on the chance of deploying these Patch Tuesday updatesin this infographic.

Key testing eventualities

There aren’t any reported high-risk adjustments to the Home windows platform. Nonetheless, there’s one reported practical change and a further function added:

• As all the time, verify that printing performs as anticipated with bodily printers and digital printers. Confirm there aren’t any points with printer drivers. We recommend an evaluation of which printer driver software program remains to be utilizing 32-bit code for utility administration.
• Take a look at your non-English web sites, in search of damaged or uneven characters in Thai, Lao, Korean, and Arabic.
• The Energetic Listing function BanndIP has been up to date. We recommend validating AD authorization for each lively and passive community visitors. You possibly can find out more here.
• Microsoft has up to date the media codec, so testing giant picture and video information ought to be a part of the testing plan.
• The STORPORT.SYS part was up to date this month, so verify purposes that rely upon this Home windows function.

I believe it’s now secure to say that the Microsoft AppX format was not as extensively adopted within the enterprise as anticipated. Even so, there have been important upgrades to Microsoft AppX containers and deployment instruments included on this October replace. In case you have an enterprise Microsoft “retailer” on your purposes, we suggest putting in/uninstalling each your AppX purposes and their related runtimes.

On the subject of lesser-used Home windows options, the Microsoft NTFS file system was up to date to incorporate a fix for symbolic links (useful with UNIX migrations). In case you are in the midst of a big UNIX migration, you could wish to pause issues a little bit and take a look at out some giant (and parallel) file transfers earlier than deploying this replace.

Identified points

Every month, Microsoft features a record of identified points that relate to the working system and platforms included within the  replace cycle. I’ve referenced just a few key points that relate to the most recent builds from Microsoft, together with:

• Gadgets with Home windows installations created from customized offline media or customized ISO pictures may need Microsoft Edge Legacy eliminated by this replace, however not robotically changed by the brand new Microsoft Edge. This challenge is just encountered when customized offline media or ISO pictures are created by slipstreaming this replace into the picture with out having first put in the standalone servicing stack replace (SSU) launched March 29, 2021 or later.

Main revisions

On the time of scripting this for this July replace cycle, there have been two main updates to earlier launched updates:

• CVE-2021-38624: Home windows Key Storage Supplier Safety Characteristic Bypass Vulnerability. That is Microsoft’s third attempt at patching this Home windows key storage part, and sadly a serious improve was required. This month’s affected techniques embrace Home windows 11; Microsoft strongly beneficial that speedy motion be taken to replace techniques.
• CVE-2021-33781: Azure AD Safety Characteristic Bypass Vulnerability. Once more, one other third attempt to resolve this challenge. Nonetheless, for this Azure AD challenge, these newest adjustments are extra informational (correcting CVE titles and documentation) and embrace an up to date affected system record to incorporate Home windows 11. No additional motion required right here.

Mitigations and workarounds

• CVE-2021-40444: Microsoft is investigating studies of a distant code execution vulnerability in MSHTML that impacts Home windows. The corporate is conscious of focused assaults that try to use this vulnerability by utilizing specially-crafted Microsoft Workplace paperwork. An attacker may craft a malicious ActiveX management for use by a Microsoft Workplace doc that hosts the browser rendering engine.

Every month, we break down the replace cycle into product households (as outlined by Microsoft) with the next fundamental groupings:

• Browsers (Microsoft IE and Edge);
• Microsoft Home windows (each desktop and server);
• Microsoft Workplace;
• Microsoft Alternate;
• Microsoft Improvement platforms ( ASP.NET Core, .NET Core and Chakra Core);
• Adobe (retired???, not but).

Browsers

Microsoft printed 33 updates to the Chromium-based Edge browser this cycle. Given how Chromium doesn’t combine deeply into the desktop or server working system, potential collisions or dependency points are unlikely. You’ll find out extra in regards to the Chromium venture’s replace cycle andrelease notes here. 

Nonetheless one of many key elements (IEFRAME.DLL) of Web Explorer (IE) was up to date this month. It’s doable that third-party purposes and in-house developed software program could rely upon this key library. For this explicit replace, It appears to be like as if Microsoft has modified how browsers tabs are dealt with, notably how they’re created. In the event you obtain “Invalid Pointer Unhealthy Ref Depend” (or comparable) errors in your testing, it might very effectively be associated to this replace to the core Web Explorer system libraries (DLL’s). Add each of those teams of browser updates to your common replace schedule.

Home windows

This month, Microsoft printed 4 vital updates for the Home windows ecosystem and an additional 45 patches rated as essential. Sadly, replace CVE-2021-40449 for the Home windows Kernel has been reported as exploited. This pairs a difficult-to-test, low-level replace to Home windows core techniques with an urgency to mitigate or patch. We’ve got included testing steerage in a piece above that covers loads of this month’s Home windows adjustments. Nonetheless, testing kernel updates could be very robust. Take a look at your core apps completely, launch your updates in rings or levels, and add this replace to your Patch Now schedule.

Microsoft Workplace

Microsoft launched 16 updates to Microsoft Workplace and Microsoft SharePoint, with one rated as vital (CVE-2021-40486) affecting Microsoft Phrase and the remaining patches affecting Excel and SharePoint. The Phrase safety challenge, whereas severe, has not been publicly disclosed and there aren’t any studies of exploits within the wild. Observe: SharePoint would require a reboot after its replace. We suggest including these to your common patch launch schedule.

Microsoft Alternate Server

Sadly, Microsoft Alternate Server updates are again for October. There are 4 patches for Alternate Server (each 2016 and 219), all rated as essential. Nonetheless, CVE-2021-36970 has a base score of 9.0, in keeping with the vulnerability score system CVSS. That is actually excessive (that means severe) and normally would warrant a vital score from Microsoft. Nonetheless, as a result of limitation of the “scope” of vulnerability, the potential injury is far decreased.

Microsoft has printed up to date documentation detailing quite a lot of identified points referring to this month’s Alternate Server patches the place a guide utility of MSP information doesn’t appropriately set up the entire vital information. As well as, misapplying this replace could go away your Alternate server in a disabled state. This challenge applies to the next October updates:

This set up challenge is a specific concern when making use of updates utilizing Consumer Account Management (UAC), and doesn’t occur if you use Microsoft Replace. In any other case, notice that this Alternate replace would require a server reboot; we suggest including this replace to your common replace schedule.

Microsoft Improvement Platforms

Microsoft launched three updates to Visible Studio and one patch for .NET 5.0 this month. All had been rated as essential by Microsoft and at worst may result in data disclosure or “denial of service” (utility particular and localized). The Visible Studio updates are very easy and ought to be included in your normal improvement launch cycle.

Adobe (actually simply Reader)

Adobe launched 4 updates to its core Reader product group with safety bulletin APSB1221-104. Two of those updates (CWE-416 and CWE-787) are rated as vital by Adobe. Whereas each of those have CVSS scores of seven.8 (which is fairly excessive for a PDF reader) they don’t require an pressing replace. Add these to your common replace schedule.