ADVERTISEMENT

Easy and efficient network management – Auvik Networks Auvik is easy and efficient network management – Mapping, inventory, config backup, and more. Reduce IT headaches and save time with automated network discovery, documentation, monitoring, and more. Network management and troubleshooting is faster and simpler with Auvik’s easy-to-use software. Visualize everything on the network. A single dashboard to show exactly what you’re dealing with.

PATCH WATCH

By Susan Bradley

Not feeling the love from Microsoft this month?

That might be because the company is saying goodbye to its aged Internet Explorer Web browser (IE), albeit only on certain platforms.

For Windows 10, the death of IE is not part of this month’s Windows update but rather part of the update to the Edge browser. That update would have been in the background, silent, and you may not have noticed it. Even if you did, you probably didn’t pay much attention. Unless, of course, you had moved from IE to Edge a while back. For you, the update re-migrated your favorites and bookmarks, making a duplicate list.

I also found that Edge caused issues with Bank of America’s remote check deposit, forcing you to move to Chrome or Firefox to make that work. Clearly, not everyone was ready for the death of Internet Explorer — including Microsoft.

However, if your Windows 10 deployment is on the long-term servicing branch or any of the Windows server versions, IE will not be removed. In addition, the older versions of Windows (7, 8.1) don’t get the “kill switch” and IE will be retained. Looks like IE will have a prolonged death.

Even if you are using a service such as 0patch, don’t let that fact lull you into a false sense of security. I continue to advocate not using unsupported Web browsers. The security risks are too high.

Businesses, especially small ones, may be constrained by budgets that preclude updating important line-of-business apps and thus require an older OS and an older browser. If that is your situation, I recommend isolating the specific PCs running those apps as best you can and not using them for anything else. General, random surfing of the Web is best served by using a device that has modern browser support and modern security protections. Even an inexpensive Android tablet will have the modern tools and be safer than an antiquated PC.

Increasingly, I’m seeing websites that reject Internet Explorer and will not render at all. Plan accordingly.

For those of you with Apple iPads and iPhones, remember that these devices can perform the usual Web tasks including email, Web browsing, and even TV streaming. For TV, you can purchase an adapter and a cable to connect your iPad to a TV with an HDMI port. If you have a newer iPad with a USB-C connection, you’ll need an adapter like this instead.

I can’t emphasize this enough. If your only computing device runs Windows 7 or 8.1, keep in mind that both remain vulnerable to security threats. This is a situation that will only get worse as those devices get older.

For larger companies, the situation may be different. For example, banks may still run ATMs that are based on the embedded version of Windows 7. They are still able to license, for a fee, continuing patches. But this case is an outlier; we ordinary folks can’t do the same.

Windows 11 22H2 is a bit like San Jose’s Winchester Mystery House — building it never ceased during Sarah Winchester’s lifetime. I’m wondering if Windows 11 will be done in my lifetime.

First up is a change to how .NET is offered in conjunction with a feature release. In the past, you would be offered the feature release. After installing it and rebooting your system, you would be offered the .NET updates and be prompted to reboot again. Now, both will be installed at the same time, so you won’t have two reboot prompts.

In addition, any pending non-security updates will no longer be shown in the regular list but will instead be handled as optional driver updates. These will be tucked away in a separate, advanced screen. But you won’t be able to see that this month, even though there are .NET security updates. You will not see this until there is a non-security, bug-only patch.

This is a good change and will keep you from installing the preview updates that I don’t recommend to most patchers.

As with most months, I’m more worried about the risk of not patching (or delayed patching) for business users rather than for folks who are home or consumer users, regardless of your version and edition of Windows 10 or 11. Delay until we’ve had a chance to review any side effects from the patches. Instead, use your time to review your settings for uBlock Origin; consider the addition of custom filters such as Hide Youtube shorts, and consider blocking remote fonts (which will speed up your browsing).

If you have error messages such as 0x80070002 while attempting to install updates, this is a sign that something isn’t quite right with the files on your system. In my experience, the DISM or sfc /scannow commands rarely fix these deep patching errors. Instead, I recommend an in-place upgrade, overwriting the current Windows install. It’s easy to do: search for either the Windows 11 or Windows 10 ISO download, download it to your computer system, mount the ISO using Windows File Explorer, and tell it to do an upgrade over the top of your running system. Although I still recommend that you have a backup of your system, I have never experienced loss of data using this method.

There is a Microsoft Publisher vulnerability that could bypass Office macro policies used to block malicious files. An attacker could launch the attack by tricking you into downloading and opening a specially crafted file from the Internet. As I always caution, never open up files you weren’t expecting in the first place. If you must, at least open them on an isolated machine away from the rest of your computers. But in a twist, when I started to dig into the details, I found that this specific vulnerability (CVE-2023-21715) applies only to Microsoft 365 Apps for Enterprise.

I think Microsoft is wrong in its description of this vulnerability. I have Publisher because I subscribe to Microsoft 365 Business Premium, so I think the correct description should be that anyone who subscribes to Publisher will have this “mark of the web bypass issue” that is now being fixed.

However, the Word vulnerability included in CVE-2023-21716 isn’t just a Word vulnerability; it impacts Outlook as well. The preview pane is at risk in this attack — an unauthenticated attacker could send an email using an RTF payload. A safe alternative is to turn off the preview pane in Outlook.

If you disable Microsoft Store updates, you’ll need to either manually enable patching or download the update for Print 3D and 3D Builder to correct vulnerabilities in those store applications.

Apple patched several zero days in its February releases, the first for Apple in 2023. The bug can be exploited to compromise vulnerable iPhones, iPads, and Macs by “processing maliciously crafted Web content” — in other words, by sending you a malicious URL. Often these come through text messages rather than email, so always be suspicious of links received in text messages. If you don’t want to update to Ventura 13.2.1 yet, you can update your Safari browser to 16.3.1.

I’m going to break down the business advice into two camps: those with on-premises email servers running Microsoft Exchange, and those without. If you are still running an on-premises Exchange Server, I hope that you’ve already patched. If you haven’t, stop reading this email and make those patches. Now. If you have had any issues installing the updates, take the time to post on the Exchange blog and specifically be aware of Exchange Toolbox and Queue Viewer fails after Certificate Signing of PowerShell Serialization Payload is enabled. (Note: this is an issue with the certificate signing of PowerShell serialization payload feature, not an issue with the security update.)

Microsoft didn’t make it easier for Exchange administrators — because it published the wrong Exchange patch. It has now been republished with the correct one. In addition, some may experience crashing EWS application pool. Microsoft posted advice and workarounds in its blog.

SQL Server is also getting lots of security patches. The vulnerability isn’t that easy to exploit, but servicing and determining what you need to patch in SQL Server is never fun. So take the time to determine whether you are on a supported version of SQL Server, and reach out to your line-of-business vendor if you are not sure whether your version is vulnerable.

In typical Microsoft Patch Tuesday fashion, many of the bugs are elevation-of-privilege attacks. When these are combined with other threat vectors, an attacker can send a phishing email and gain more access on a system. Always make sure that the security software protecting your email is specifically geared to spot and block these phishing attacks. No software is perfect, but do be sure not to rely on the end user to be smart enough not to click. At least have some sort of cloud-based solution that is monitoring and filtering the email that comes through your mail servers. It’s imperative these days to be on the lookout for these phishing scams.

There are no Print spooler patches this month (will wonders never cease!), but there is an update to the Microsoft PostScript Printer Driver (CVE-2023-21801). My practice, in most cases, is not to use the generic printer drivers from Microsoft but rather the drivers from the printer manufacturer. Being mindful of Print Nightmare, add this to your planned 2023 task list: review, update, and republish the printer drivers for your printers in your organization. You may not be aware of vulnerabilities in printer drivers, but you can be sure attackers are. The Shodan search engine is often used by attackers to find Internet-exposed printers.

Being proactive about printer drivers is often a time-consuming and thankless job, and it may take time to get printing back to what you consider normal.

I recommend installing Exchange updates as soon as possible. But for all other business patches, I’ll be reporting back at the end of the month regarding the issues and side effects. Already I’m tracking Server 2022 issues with VMware, as well as a re-released Edge 110 update for Servers — it was offered up to Server 2012 R2 and should not have been.

Resources

Join the conversation! Your questions, comments, and feedback about this topic are always welcome in our forums!

Susan Bradley is the publisher of the AskWoody newsletters.

ADVERTISEMENT

Enjoying the newsletter? Become a PLUS member and get it all!
	Don’t miss any of our great content about Windows, Microsoft, Office, 365, PCs, hardware, software, privacy, security, safety, useful and safe freeware, important news, analysis, and Susan Bradley’s popular and sought-after patch advice. PLUS, these exclusive benefits: Every article, delivered to your inbox Four bonus issues per year, with original content MS-DEFCON Alerts, delivered to your inbox MS-DEFCON Alerts available via TEXT message Special Plus Alerts, delivered to your inbox Access to the complete archive of nearly two decades of newsletters Identification as a Plus member in our popular forums No ads We’re supported by donations — choose any amount of $6 or more for a one-year membership.