This monthly blog entry is aimed at mid-month Microsoft updates that includes patches, application updates, lifecycle changes and application related events. We will cover security issues that relate to applications and deployments as well.
Microsoft Quality Update
This C cycle release (the third release of the month) generally relates to optional “Quality” updates from Microsoft, and this June Microsoft has released (KB50146666). This is a major update for Microsoft as this “patch” includes several new printer related features including:
- IPP over USB support – Microsoft has supported Internet Print Protocol (IPP) for network printers starting in 2018 with the release of Windows 10, version 1809. We are now expanding IPP support to USB printers.
- Print support app (PSA) APIs – Using the PSA framework, printer manufacturers can extend printer functionalities and user experience. For more information, see Print support app design guide.
- PIN-protected printing for IPP and Universal Print – Standard print dialogs now include a user interface to enter a PIN code.
- eSCL Mopria Scan protocol – Windows now supports the eSCL Mopria Scan protocol. It can be used with Mopria certified scanner devices.
Universal Print is a huge thing for Microsoft as this new approach to printer drivers seeks to reduce the surface for security vulnerabilities while reducing the technical deployment burden for system administrators. If you are interested in the changes to the Microsoft V4 printer model, then a good place to start is the Microsoft Printer design guide.
In addition to the introduction of this new printer handling functionality, this update has several significant feature level changes and includes compatibility or “breaking changes” in the following:
- Driver (kernel) signing
- Internet Explorer (IE) feature routing (and tabs)
- Printer handling (V4 only)
- Deprecated APIs
If you deploy this patch (or wait until July Patch Tuesday), we suggest you validate your MSI installation routines for self-repair and uninstall. This update already breaks several applications (e.g., Snip and Sketch) and may require additional application specific testing.
The June .NET Security and Quality Rollup Update does not contain any new security fixes. However, the following features have been updated:
- Addresses several issues that would cause too many garbage collections under high memory load.
- Adjusted GC Heap Hard Limit configuration, as well as processor interpretation for .NET Framework container scenarios.
- Addresses an issue where DWM failures can cause WPF’s render thread to fail.
- Addresses an issue of WPF apps not working with “Text Cursor Indicator” enabled when using RichTextBox.
- Improved the hardened rendering of ComboBox controls on 64-bit architectures.
- Improved the reliability of data bound ComboBox controls under assistive technology.
- Addresses an issue when users interact with the Workflow Designer they might encounter incorrectly disable
You can find all the newly merged Pull Requests (PR) at the .NET github repository.
This section covers some of the major changes that are happening in the Microsoft desktop and server ecosystem this month.
- Windows 8.X: Windows 8 went out of support on January 12, 2016, and no longer receives security updates. Therefore, if you’re using Microsoft 365 on a computer running Windows 8 and are configured for automatic updates, you’ll no longer receive updates for the Office apps, including feature, security, and other quality updates. Windows 8.1 reaches end of support on January 10, 2023. It’s time to move onto Windows 10. Really.
- Exchange 2013 will soon be out of support by Microsoft. If you need help with the latest updates and next steps for migrating to a later version, Microsoft has created a helpful update page found here.
This month sees s single patch revision for a serious DCOM server vulnerability from last year:
- CVE-2021-26414: This is a particularly difficult vulnerability to patch and if you have line-of-business (LOB) critical applications that rely on DCOM, you really need to consult the CVE entry from Microsoft and reference the mitigation strategies document there. This revision was published to advise that an additional operating systems (Windows 10 21H2) have affected. I don’t think that we have seen the last of this issue.
Since last Patch Tuesday, CISA has added 8 additional CVE entries to their “Known Exploited Vulnerabilities” catalogue, of which only one applies directly to the Windows ecosystem:
- CVE-2021-30533: Google Chromium Security Bypass Vulnerability. Insufficient policy enforcement in the PopupBlocker for Chromium allows an attacker to remotely bypass security mechanisms. This vulnerability impacts web browsers using Chromium such as Chrome and Edge.
Next release of Windows
Here is a nice review of what is expected in Windows 22H2. We will cover this in more detail in the next posting.