APP Wednesday – January 2023

Once a month, in the middle of the Patch Tuesday release cycle, the Readiness team publishes an update on Microsoft-related patches, out-of-band (OOB) releases and republished CVE vulnerability documentation. This note is intended as an informal brief on recent changes and may reflect a dynamic or rapidly changing situation.

For the month of February 2023, this posting will include the following areas:

  • Resolved issues
  • Reported issues
  • Updated CVE entries
  • Scheduled Out-of-band (OOB) releases

Resolved Issues

To find out more about these and other related Windows Health issues, you can find a handy reference on the Windows Health dashboard. Here is a brief list covering Windows 10/11 of resolved issues for the past month

In addition to the Microsoft dashboard, Microsoft has also published their revised Office 365 roadmap which details the latest changes to the Microsoft Office platform. Most importantly, this month Microsoft has documented that they are changing how Excel add-ins are handled (XLL link libraries). Office add-ins are tough to detect, deploy and manage in an enterprise environment. This is a welcome update to an ongoing security hole in the Office ecosystem.

Reported Issues

This section deals with reported issues from Microsoft sources only. There may be plenty of problems reported in the media, which the Readiness team will investigate but may not include in this brief.

  • Microsoft Exchange Server (2016/19). Both KB5022143 and KB5022193 cause an issue in Outlook on the Web (OWA) where some web-based views are not displayed correctly. This issue is still outstanding and is with Microsoft. No release dates or planned updates are available at this time.

Updated Microsoft CVE Entries

In the weeks since the last Patch Tuesday cycle, Microsoft has updated its release documentation, published as CVE entries. Here is a Windows-focussed list of updates and revisions from the past update cycle:

  • ADV200011: Microsoft Guidance for Addressing Security Feature Bypass in GRUB. Revised FAQ to clarify the instructions for determining if customers’ systems are affected by this vulnerability. This is an informational change only.
  • ADV200013: Microsoft Guidance for Addressing Spoofing Vulnerability in DNS Resolver. In the Security Updates table, added Windows Server 2022 and Windows Server 2022 (Server Core installation) as these versions of Windows Server are also affected by this vulnerability.
  • ADV220005: Guidance on Microsoft Signed Drivers Being Used Maliciously. Microsoft is announcing that the Windows security updates released on January 10, 2023, include an updated block list. No further action is required if subscribed to Windows updates.
  • CVE-2022-41099: BitLocker Security Feature Bypass Vulnerability. This revision includes minor documentation changes (FAQs) and no further action is required.
  • CVE-2022-41113: Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability. This revision includes minor documentation changes (FAQs) and no further action is required.

Scheduled Out-of-band (OOB) releases

At the time of writing, there are no planned or documented out-of-band releases scheduled for February from Microsoft.
