Windows users have reported a wide range of problems when applying the latest Patch Tuesday updates from Microsoft.
The new batch of updates included fixes for 83 flaws in total, including two actively exploited zero-day vulnerabilities, one of which affected Outlook for a number of months between April and December 2022.
Tracked as CVE-2023-23397, this vulnerability was found to have been exploited by a hacker group with links to the Russian intelligence service, GRU. The flaw carries a severity rating of 9.8, and Microsoft recommended that admins issue an immediate patch for it.
However, users on the sysadmin Reddit community revealed they have encountered issues when patching, with some noting that Windows 11 devices have failed to authenticate with Outlook.
“Several of our Windows 11 PCs are not authenticating with Outlook (Microsoft 365) at all and the standard troubleshooting steps don’t deal with it,” one user warned. “A profile reset was required, we observed.”
“For CVE-2023-23397, in a test environment I added a user to the App Impersonation function, but when I run the script, it fails with a 401 unauthorised [error],” another added.
The source of this bug appears to be rooted in how admins are expected to implement fixes for the Outlook vulnerability.
In its advisory, Microsoft said that users “must set up the Outlook security update, irrespective of where your mail is hosted (e.g. Exchange Online, Exchange Server, some other system)”.
“But if your mailboxes are in Exchange Online or on Exchange Server, after installing the Outlook update, you can use a script we developed to see if any of your users have been targeted using the Outlook vulnerability,” Microsoft added.
“The script will notify you if any users have been targeted by potentially malicious messages and allow you to modify or delete those messages if any are found.”
Microsoft noted that the script “will take some time to run” and advised that admins prioritise user mailboxes that are of “higher value to attackers”, such as executives, senior leadership staff or admins.
Problems with the Outlook security update were not the only issues encountered by system admins. Other issues included:
- Inability to issue printer driver updates
- Failure to start Windows Deployment Services (WDS) after update reboots
- DCOM hardening measures preventing admins from turning off changes via the registry
- Microsoft Exchange workaround issues
This isn’t the first time admins have been forced to contend with broken patches issued by Microsoft.
In January last year, Windows Server admins found that they were forced to forgo patches and wait for the next month’s update due to issues which caused significant operational disruption.
Similarly, in December 2022 Windows users complained of encountering ‘blue screen of death’ (BSOD) errors after installing security updates.
In a statement at the time, Microsoft said that the issue affected “selected users” who downloaded a fix for a bug found in the Camera application.
IT Pro has approached Microsoft for comment on how it plans to address reported issues.
‘Critical’ Outlook vulnerability
First discovered by CERT-UA, the Ukrainian government cyber response unit, the Outlook vulnerability patched this week is one of the most severe issues encountered in recent months, according to Mike Walters, VP of vulnerability and threat research at Action1.
The vulnerability was actively exploited in the wild between April and December last year, Microsoft revealed, and allows attackers to escalate privileges in Outlook.
Walters noted that the attack can be “executed without any user interaction” by sending a specially crafted email which triggers automatically when retrieved by the email server.
“This can lead to exploitation before the email is even viewed in the Preview Pane. If exploited successfully, an attacker can access a user’s Net-NTLMv2 hash, which can be used to execute a pass-the-hash attack on another service and authenticate as the user,” Walters added.
Subsequently, this would allow the threat actor to infiltrate user networks, change Outlook mailbox folder permissions, and extract emails from targeted accounts.
Windows SmartScreen vulnerability
Microsoft fixed a security feature bypass vulnerability in Windows SmartScreen during this latest round of updates too.
Also actively exploited in the wild, the vulnerability affects all currently supported versions of the Windows operating system, Microsoft warned.
“An attacker can craft a malicious file that would evade Mark of the Web (MOTW) defences, resulting in a limited loss of integrity and availability of security features such as Protected View in Microsoft Office, which rely on MOTW tagging,” the company wrote in its advisory.
Walters warned that this particular vulnerability, with a CVSSv3.1 score of just 5.4, may “avoid notice” by many organisations because it does not appear “all that threatening”.
However, Microsoft warned that this exploit was likely used in an attack chain with additional exploits and represents a serious risk for organisations.
Some parts of this article are sourced from:
www.itpro.co.uk