Once a month, in the middle of the Patch Tuesday release cycle, the Readiness team publishes an update on Microsoft-related patches, out-of-band (OOB) releases and republished CVE vulnerability documentation. This note is intended as an informal brief on recent changes and may reflect a dynamic or rapidly changing situation.
For the month of February 2023, this posting will include the following areas:
- Resolved issues
- Reported issues
- Updated CVE entries
- Scheduled Out-of-band (OOB) releases
Resolved Issues
To find out more about these and other related Windows Health issues, you can find a handy reference on the Windows Health dashboard. Here is a brief list of issues resolved over the past month, covering Windows 10/11:
- Application shortcuts might not work from the Start menu or other locations: Microsoft has documented that this issue has now been resolved. You can read more about this issue here.
- Database connections using Microsoft ODBC SQL Server driver might fail. This issue was a result of installing KB5019980 (the November OS update) and caused some real-world issues with corporate databases. This has now been reported as resolved by Microsoft. Our own research has shown that this issue no longer generates ODBC connection issues.
- Provisioning packages might not work as expected. This issue was related to the Microsoft Out-of-box first use provisioning experience and was not directly related to a security, roll-up or OS update. This issue has now been reported as resolved by Microsoft.
In addition to the Microsoft dashboard, Microsoft has also published its revised Office 365 roadmap, which details the latest changes to the Microsoft Office platform. Most importantly, this month Microsoft has documented that it is changing how Excel add-ins (XLL link libraries) are handled. Office add-ins are tough to detect, deploy and manage in an enterprise environment. This is a welcome update to an ongoing security hole in the Office ecosystem.
Reported Issues
This section deals with reported issues from Microsoft sources only. There may be plenty of problems reported in the media, which the Readiness team will investigate but may not include in this brief:
- Microsoft Exchange Server (2016/19). Both KB5022143 and KB5022193 cause an issue with Outlook on the Web (OWA) in which some web-based views are not displayed correctly. This is known to be still outstanding and is with Microsoft. No release dates or planned updates are available at this time.
Updated Microsoft CVE Entries
In the weeks since the last Patch Tuesday cycle, Microsoft has periodically updated its release documentation, published as CVE entries. Here is a Windows-focussed list of updates and revisions from the past update cycle:
- ADV200011: Microsoft Guidance for Addressing Security Feature Bypass in GRUB. Revised FAQ to clarify the instructions for determining if customers’ systems are affected by this vulnerability. This is an informational change only.
- ADV200013: Microsoft Guidance for Addressing Spoofing Vulnerability in DNS Resolver. In the Security Updates table, added Windows Server 2022 and Windows Server 2022 (Server Core installation) as these versions of Windows Server are also affected by this vulnerability.
- ADV220005: Guidance on Microsoft Signed Drivers Being Used Maliciously. Microsoft is announcing that the Windows security updates released on January 10, 2023, include an updated block list. No further action is required if subscribed to Windows updates.
- CVE-2022-41099: BitLocker Security Feature Bypass Vulnerability. This revision includes minor documentation changes (FAQs) and no further action is required.
- CVE-2022-41113: Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability. This revision includes minor documentation changes (FAQs) and no further action is required.
Scheduled Out-of-band (OOB) releases
At the time of writing, there are no planned or documented out-of-band releases scheduled for February from Microsoft.