This Patch Tuesday is a rare one from Microsoft: Windows, the Microsoft development platform, and Adobe Reader are all added to the “Patch Now” schedule.
These updates are driven by the zero-day patch (CVE-2021-40444) to the core Microsoft browser library MSHTML. Beyond the serious remote code execution concern it addresses, this update can also cause unexpected behavior in legacy applications that depend on or contain this browser component. Evaluate your portfolio of key apps with these dependencies and perform full functional testing before deploying. (We have identified some important mitigation strategies for handling ActiveX controls and protecting the system during the testing and deployment phases.)
More information about the risks of deploying these Patch Tuesday updates is available in this infographic.
Key test scenarios
No high-risk changes to the Windows platform have been reported this month. However, there is one feature change and addition that has been reported.
- As always, make sure that printing works as expected on both the physical and virtual printers. Make sure the printer driver is okay and check the printer driver software that uses 32-bit code for application management.
- Make sure that Windows event tracing is working as expected. The log is displayed in Event Viewer.
- Make sure that the connection using Remote Desktop Gateway and Virtual Private Network (VPN) works as expected.
- Test SCRRUN objects such as Scripting.FileSystemObject, TextStream, and Scripting.Dictionary. See this Microsoft document and Dictionary Object | Microsoft Docs for additional information.
- Make sure that users with the right permissions can access files on SMB shares, and that the create / copy / delete / read / write / rename / close operations on those files work as expected.
Testing legacy apps and printing will be an important task when managing this September update (and in the near future). To avoid “thunks”, it is important to look for printer driver software that uses 32-bit code for app management. This concern relates to how memory is handled between 32-bit and 64-bit applications. If you’re looking for a scenario where everything breaks at an unpredictable time and affects your core system, try using your old printer management software to find your old printer driver.
In fact, the results are likely to find you.
We often focus on printing and legacy apps, but during the pandemic, remote work has increased significantly. This month, we provide the following recommendations for VPN-specific testing:
- Make sure that Windows Update runs reliably over VPN and non-VPN connections and that the updates are installed successfully.
- Make sure your antivirus works as expected over the VPN connection.
- Make sure that DHCP addresses and network connectivity can be obtained over wired and wireless network connections, with or without 802.1x.
Every month, Microsoft publishes a list of known issues related to the operating systems and platforms in the latest update cycle. We have highlighted some important issues related to the latest builds from Microsoft, including:
- This month, all Windows 10 updates include a fix that addresses an issue that causes PowerShell to create an infinite number of child directories. This issue occurs when you use the PowerShell Move-Item command to move a directory to one of its children. As a result, the volume becomes full and the system stops responding.
At the time of writing (July update cycle), there were four major revisions to previously released updates:
- CVE-2021-1678: Windows Print Spooler spoofing vulnerability.
- CVE-2021-36958: Windows Print Spooler remote code execution vulnerability.
- CVE-2021-40444: Microsoft MSHTML Remote Code Execution Vulnerability.
Mitigation and workarounds
For this month’s Microsoft MSHTML update, the company (not for the first time) recommends disabling ActiveX. As a general rule, we recommend disabling ActiveX and using Group Policy on managed platforms. Here are some simple steps to make sure ActiveX is disabled:
- Select a zone (Internet Zone, Intranet Zone, Local Machine Zone, or Trusted Site Zone).
- Double-click “Download signed ActiveX controls” and enable the policy. Then set the option in the policy to Disable.
- Double-click “Download unsigned ActiveX controls” and enable the policy. Then set the option in the policy to Disable.
You can also set specific registry keys and component IDs for individual apps (such as Microsoft Word). It is also recommended that documents are opened in Protected View, or that you use an Office version with Application Guard. Also, if you have deployed Defender with the full Microsoft stack, you can use attack surface reduction rules to reduce exposure to this serious security issue.
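To confirm that the two policies above actually landed in every zone, the following added example (not from the original article) audits a registry export of the zone policy keys. It assumes the policies are stored as URL action values 1001 (signed) and 1004 (unsigned) with 3 meaning Disable, under an HKLM policy path for zones 0 to 3; the sample export is constructed.

```python
import re

# URL action codes for the two policies above; a value of 3 means "Disable".
ACTIONS = {"1001": "signed ActiveX download", "1004": "unsigned ActiveX download"}
ZONES = {"0": "Local Machine", "1": "Intranet", "2": "Trusted Sites", "3": "Internet"}
DISABLE = 3
KEY_RE = re.compile(r"^\[.*\\Internet Settings\\Zones\\(\d)\]$", re.I)
VAL_RE = re.compile(r'^"(\d{4})"=dword:([0-9a-f]{8})$', re.I)

def audit_zones(reg_text):
    """Return (zone, action) pairs where ActiveX download is not set to Disable."""
    seen, zone = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        key = KEY_RE.match(line)
        if key:
            zone = key.group(1)
        elif line.startswith("["):
            zone = None  # a different key: ignore the values under it
        elif zone and (val := VAL_RE.match(line)):
            seen[(zone, val.group(1))] = int(val.group(2), 16)
    # A missing value counts as a gap: the policy was never applied to that zone.
    return sorted((ZONES[z], ACTIONS[a]) for z in ZONES for a in ACTIONS
                  if seen.get((z, a)) != DISABLE)

# Constructed sample in .reg export format (real exports are UTF-16; decode first).
# The policy path below is an assumption about where the settings are stored.
BASE = r"[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones"
SAMPLE = "\n".join([
    "Windows Registry Editor Version 5.00", "",
    BASE + r"\0]", '"1001"=dword:00000003', '"1004"=dword:00000003', "",
    BASE + r"\1]", '"1001"=dword:00000003', '"1004"=dword:00000003', "",
    BASE + r"\2]", '"1001"=dword:00000003', "",  # 1004 never set
    BASE + r"\3]", '"1001"=dword:00000000', '"1004"=dword:00000003',  # 1001 = Enable
])

if __name__ == "__main__":
    for zone_name, action in audit_zones(SAMPLE):
        print(f"GAP: {zone_name} zone, {action} not disabled")
```

Run it against exports collected from test machines before and after the Group Policy change; an empty result means both downloads are disabled in all four zones.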
Each month, the update cycle is categorized into product families (defined by Microsoft) in the following basic groupings:
- Browsers (Microsoft IE and Edge);
- Microsoft Windows (both desktop and server);
- Microsoft Office;
- Microsoft Exchange;
- Microsoft Development Platform ( ASP.NET Core, .NET Core, Chakra Core);
- Adobe (retired? Not yet).
This month, Microsoft released 26 updates for the Chromium-based Edge browser. In addition to these patches, the Chromium project also released 11 security-related updates in September this year (Chrome release notes). The browser wars are over and Microsoft is now using open source, but one persistent type of security issue is the “use after free” (also known as a dangling pointer) memory allocation error. This class of memory allocation errors remains the most common, and this month’s update (see CVE-2021-30610) is a good example of the ongoing battle to stay ahead of the bad guys. The changes proposed to Edge have minimal or no impact on enterprise systems this month. Add these updates to your standard desktop update schedule.
Microsoft has released 35 updates to the Windows platform, two of which were rated critical (CVE-2021-36965 and CVE-2021-26435) for this cycle. This isn’t the biggest update we’ve seen for a while, but this release affects many major platform areas, including networking, kernel drivers, Windows Installer, major graphics components (GDI), and some major diagnostic tools (Windows Error Reporting).
However, the real concern for testing and deployment teams this month is the re-release of CVE-2021-40444. First released earlier this month, it has been updated twice since. The MSHTML issue is a real concern as it is related to the core browser components commonly used in many applications. It’s like embedding Internet Explorer in a core line-of-business application (yes, I know).
You really don’t need this component in your development portfolio, so you need to quickly find out which applications depend on it. A quick scan of common applications that utilize the MSHTML library found that 5-10% of “legacy applications” (applications over 5 years old) depended directly on MSHTML. These applications require rigorous testing and can be an area of concern for any business. Unfortunately, we need to add these Windows Updates to this month’s “Patch Now” schedule.
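One way to get a first-pass list of applications that reference MSHTML, as an added example that is not part of the original article: a heuristic string scan of application binaries. The marker list (mshtml.dll plus the WebBrowser control hosts ieframe.dll and shdocvw.dll) and the file extensions are assumptions chosen for this example.

```python
import os
import sys

# Assumed marker list: DLL names whose presence in a binary suggests it loads
# the MSHTML engine directly or through the WebBrowser control.
MARKERS = ("mshtml.dll", "ieframe.dll", "shdocvw.dll")
BINARY_EXT = (".exe", ".dll", ".ocx")

def find_markers(data):
    """Return markers found in raw bytes as ASCII or UTF-16LE, ignoring case."""
    low = data.lower()  # lowers ASCII letters; works for both encodings
    return sorted(m for m in MARKERS
                  if m.encode("ascii") in low or m.encode("utf-16-le") in low)

def scan_tree(root):
    """Map relative path -> markers for each binary under root that references MSHTML."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(BINARY_EXT):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    found = find_markers(fh.read())
            except OSError:
                continue  # locked or unreadable file: skipped, re-check by hand
            if found:
                hits[os.path.relpath(path, root)] = found
    return hits

if __name__ == "__main__" and len(sys.argv) == 2:
    # Usage: python scan.py "C:\Program Files\SomeLegacyApp"
    for rel_path, found in sorted(scan_tree(sys.argv[1]).items()):
        print(f"{rel_path}: {', '.join(found)}")
```

A hit only marks an application for functional testing. A clean result does not clear it, because a component created by COM class ID at run time leaves no DLL name in the binary.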
Microsoft released 12 updates to the Office platform this month, all of which are rated as important. (Correct. There are no significant Office, Exchange, or SharePoint updates in this patch cycle.) This month, Word, Excel, Visio, and the shared Microsoft Office libraries (such as MSO, the shared code common to all Microsoft Office components) are affected. The reported security issues do not include the “Preview Pane” or other highly vulnerable attack vectors.
Add these September Microsoft updates to the standard release schedule.
Microsoft Exchange Server
In September of this year, we are fortunate to not have to deploy urgent updates to Microsoft Exchange Server. That said, there are two updates for SharePoint Server (CVE-2021-38651, CVE-2021-38652) that need attention. Both require the server to be restarted. So even if the level of urgency drops, we’re still restarting the Office server this month.
No further action is required for Exchange Server related updates.
Microsoft development platform
Microsoft has released three updates for the Visual Studio platform (CVE-2021-36952, CVE-2021-26437, CVE-2021-26434), all rated as important. Generally we would recommend that you review these updates and add them to your standard release schedule. But we think CVE-2021-36952 and CVE-2021-26434 require prompt action because of the potential for remote code execution (RCE) and privilege elevation scenarios.
I would like to say that the RCE issue is today’s issue. Privilege Elevation (EOP) concerns are an issue this afternoon. Add this Microsoft developer update to your Patch Now schedule. And yes, we haven’t made this recommendation for at least two years.
Adobe (really just Reader)
This section was previously set up over the years to handle numerous (and sometimes painful) updates to Adobe Flash. With recent (and preferably final) updates, including Flash and Shockwave killbits, we believe this section should be deprecated. However, Adobe Reader is a core component of most enterprise desktops and may continue to be the default PDF reader for the next few years.
Therefore, instead of focusing on all Adobe products, we address security-related issues in PDF (especially print) and Adobe Reader. And if you’re lucky, there are plenty of Adobe updates for September (which preserves the “treasure” for October), with a particular focus on Acrobat.
Adobe released 26 updates. Seven were rated critical because they relate to memory issues that can lead to remote code execution (RCE) scenarios. These reported vulnerabilities are serious, but they all require user interaction and have not been publicly disclosed or exploited. Add these Adobe Reader updates to the “Patch Now” update release cycle.
And yes, this is the first time we have made this recommendation.
Copyright © 2021 IDG Communications, Inc.
Legacy apps are at risk with the September patch Tuesday update