Patch Tuesday is here again, this time with a plethora of updates. November 2022’s Patch Tuesday lists fixes for 68 vulnerabilities, including six zero days. With all of the zero-day vulnerabilities being actively exploited, admins need to implement these patches as soon as possible.
After an initial discussion about this month’s updates, we’ll offer our advice for devising a plan to handle patch management in a hybrid work environment. You can also register for our free Patch Tuesday webinar and listen to our experts break down Patch Tuesday updates in detail.
What is Patch Tuesday?
Patch Tuesday falls on the second Tuesday of every month. On this day, Microsoft releases security and non-security updates for its operating system and other related applications. Since Microsoft has upheld this process of releasing updates in a periodic manner, IT admins expect these updates and have time to gear up for them.
Why is Patch Tuesday important?
Important security updates and patches to fix critical bugs or vulnerabilities are released on Patch Tuesday. Usually zero-day vulnerabilities are also fixed during Patch Tuesday unless the vulnerability is critical and highly exploited, in which case an out-of-band security update is released to address that particular vulnerability.
November 2022 Patch Tuesday: Security updates lineup
Security updates were released for the following products, features, and roles:
-
.NET Framework
-
AMD CPU Branch
-
Azure
-
Azure Real Time Operating System
-
Linux Kernel
-
Microsoft Dynamics
-
Microsoft Exchange Server
-
Microsoft Graphics Component
-
Microsoft Office
-
Microsoft Office Excel
-
Microsoft Office SharePoint
-
Microsoft Office Word
-
Network Policy Server (NPS)
-
Open Source Software
-
Role: Windows Hyper-V
-
SysInternals
-
Visual Studio
-
Windows Advanced Local Procedure Call
-
Windows ALPC
-
Windows Bind Filter Driver
-
Windows BitLocker
-
Windows CNG Key Isolation Service
-
Windows Devices Human Interface
-
Windows Digital Media
-
Windows DWM Core Library
-
Windows Extensible File Allocation
-
Windows Group Policy Preference Client
-
Windows HTTP.sys
-
Windows Kerberos
-
Windows Mark of the Web (MOTW)
-
Windows Netlogon
-
Windows Network Address Translation (NAT)
-
Windows ODBC Driver
-
Windows Overlay Filter
-
Windows Point-to-Point Tunneling Protocol
-
Windows Print Spooler Components
-
Windows Resilient File System (ReFS)
-
Windows Scripting
-
Windows Win32K
Learn more in the MSRC’s release notes.
Six zero-day vulnerabilities patched
November’s Patch Tuesday comes with updates for six zero-day vulnerabilities, all of which are being actively exploited, with one being publicly disclosed.
-
CVE-2022-41128 – Windows Scripting Languages Remote Code Execution Vulnerability
This vulnerability was discovered by Clément Lecigne of Google’s Threat Analysis Group, and as per Microsoft’s advisory:
“This vulnerability requires that a user with an affected version of Windows access a malicious server. An attacker would have to host a specially crafted server share or website. An attacker would have no way to force users to visit this specially crafted server share or website, but would have to convince them to visit the server share or website, typically by way of an enticement in an email or chat message.”
-
CVE-2022-41091 – Windows Mark of the Web Security Feature Bypass Vulnerability
“An attacker can craft a malicious file that would evade Mark of the Web (MOTW) defenses, resulting in a limited loss of integrity and availability of security features such as Protected View in Microsoft Office, which rely on MOTW tagging.”
-
CVE-2022-41073 – Windows Print Spooler Elevation of Privilege Vulnerability
Discovered by the Microsoft Threat Intelligence Center (MSTIC), the advisory says, “An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.”
-
CVE-2022-41125 – Windows CNG Key Isolation Service Elevation of Privilege Vulnerability
“An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.”
-
CVE-2022-41040 – Microsoft Exchange Server Elevation of Privilege Vulnerability
“The privileges acquired by the attacker would be the ability to run PowerShell in the context of the system.”
-
CVE-2022-41082 – Microsoft Exchange Server Remote Code Execution Vulnerability
“The attacker for this vulnerability could target the server accounts in an arbitrary or remote code execution. As an authenticated user, the attacker could attempt to trigger malicious code in the context of the server’s account through a network call.”
In addition to these vulnerabilities, Microsoft has also released updates for two actively exploited vulnerabilities that were released in November: CVE-2022-41040 and CVE-2022-41082.
Third-party updates released after last month’s Patch Tuesday
Third-party vendors such as Citrix, Apple, Google, Cisco, SAP, and OpenSSL have released updates after last month’s Patch Tuesday.
Best practices to handle patch management in a hybrid work environment
Most organizations have opted to embrace remote work even after they have been cleared to return to the office. This decision poses various challenges to IT admins, especially in terms of managing and securing distributed endpoints.
Here are a few pointers to simplify the process of remote patching:
-
Disable automatic updates because one faulty patch could bring down the whole system. IT admins can educate end users on how to disable automatic updates on their machines. Patch Manager Plus and Endpoint Central also have a dedicated patch, 105427, that can be deployed to endpoints to ensure that automatic updates are disabled.
-
Create a restore point—a backup or image that captures the state of the machines—before deploying big updates like those from Patch Tuesday.
-
Establish a patching schedule and keep end users informed about it. It is recommended to set up a time for deploying patches and rebooting systems. Let end users know what needs to be done on their end for trouble-free patching.
-
Test the patches on a pilot group of systems before deploying them to the production environment. This will ensure that the patches do not interfere with the workings of other applications.
-
Since many users are working from home, they all might be working different hours; in this case, you can allow end users to skip deployment and scheduled reboots. This will give them the liberty to install updates at their convenience and avoid disrupting their work. Our patch management products come with options for user-defined deployment and reboot.
-
Most organizations are deploying patches using a VPN. To stop patch tasks from eating up your VPN bandwidth, install Critical patches and security updates first. You might want to hold off on deploying feature packs and cumulative updates since they are bulky updates and consume a lot of bandwidth.
-
Schedule the non-security updates and security updates that are not rated Critical to be deployed after Patch Tuesday, such as during the third or fourth week of the month. You can also choose to decline certain updates if you feel they are not required in your environment.
-
Run patch reports to get a detailed view of the health status of your endpoints.
-
For machines belonging to users returning to the office after working remotely, check if they are compliant with your security policies. If not, quarantine them.
-
Install the latest updates and feature packs before deeming your back-to-office machines fit for production.
-
Take inventory of and remove apps that are now obsolete for your back-to-office machines, like remote collaboration software.
With Endpoint Central or Patch Manager Plus, you can completely automate the entire process of patch management, from testing patches to deploying them. You can also tailor patch tasks according to your current needs. For a hands-on experience with either of these products, try a free, 30-day trial and keep thousands of applications patched and secure.
Want to learn more about Patch Tuesday updates? Join our experts as they break down this month’s Patch Tuesday updates and offer in-depth analysis. You can also ask our experts questions and get answers to all your Patch Tuesday questions. Register for our free Patch Tuesday webinar.
Ready, get set, patch!