Toll-free in North America

1-833-2READINESS

Everywhere else:

+44 203 633 5432

APP Wednesday – January 2023

Greg Lambert
January 25, 2023
3 minutes

Once a month, in the middle of the Patch Tuesday release cycle, the Readiness teams publishes an update on Microsoft related patches, out of band  (OOB) releases and republished CVE vulnerability documentation. This note is intended as an informal brief on recent changes and may reflect a dynamic or rapidly changing situation.

For the month of February 2023, this posting will include the following areas:

  • Resolved issues
  • Reported issues
  • Updated CVE entries
  • Scheduled Out-of-band (OOB) releases

Resolved Issues

To find out more about these and other related Windows Health issues, you can find a handy reference on the Windows Health dashboard. Here is a brief list covering Windows 10/11 of resolved issues for the past month

In addition to the Microsoft dashboard, Microsoft has also published their revised Office 365 roadmap which details the latest changes to the Microsoft Office platform. Most importantly, this month Microsoft has documented that they are changing how Excel add-ins are handled (XLL link libraries). Office add-ins are tough to detect, deploy and manage in an enterprise environment. This is a welcome update to an ongoing security hole in the Office ecosystem.

Reported Issues

This section deals with reported issues from Microsoft sources only. There may be plenty of problems reported in the media, which the Readiness will investigate but may not include in this brief.:

  • Microsoft Exchange Server (2016/19). Both KB5022143 and KB5022193 generate an issue with Outlook on the Web (OWA) with some web based views are not displayed correctly. This is known to be still outstanding and is with Microsoft. No release dates or planned updates are available at this time.

Updated Microsoft CVE Entries

Over the past few weeks since the last Patch Tuesday cycle, Microsoft periodically updates their release documentation as published by CVE entries. Here is a Windows focussed list of updates and revisions from the past update cycle:

  • ADV200011: Microsoft Guidance for Addressing Security Feature Bypass in GRUB. Revised FAQ to clarify the instructions for determining if customers’ systems are affected by this vulnerability. This is an informational change only.
  • ADV200013: Microsoft Guidance for Addressing Spoofing Vulnerability in DNS Resolver. In the Security Updates table, added Windows Server 2022 and Windows Server 2022 (Server Core installation) as these versions of Windows Server are also affected by this vulnerability.
  • ADV220005: Guidance on Microsoft Signed Drivers Being Used Maliciously. Microsoft is announcing that the Windows security updates released on January 10, 2023, include an updated block list. No further action is required if subscribed to Windows updates.
  • CVE-2022-41099: BitLocker Security Feature Bypass Vulnerability. This revision includes minor documentation (FAQ’s) and no further action required.
  • CVE-2022-41113 Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability. This revision includes minor documentation (FAQ’s) and no further action required.
  • CVE-2022-41113: Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability. This revision includes minor documentation (FAQ’s) and no further action required.

Scheduled Out-of-band (OOB) releases

At the time of writing there are no planned or documented Out of band releases scheduled for February from Microsoft.

Greg Lambert

CEO, Product Evangelist
Greg Lambert is the CEO and product evangelist for Application Readiness Inc. Greg is a co-founder of ChangeBASE and has considerable experience with application packaging technology and its deployment.

Planning business modernization projects?

  • Windows 10/11 migration
  • MS server 2022
  • Migration to Azure

Is your application estate ready?

Assurance.

Unbounded.

3 months of patch protection, assessments and dependency reports for your entire portfolio.

  • No cost
  • No limit of applications
  • No software needed
  • No infrastructure required
  • No obligation
Contact us to get started