Patch Tuesday normally includes security patches from a lot of familiar names.
That remains the case for July 2022, as Microsoft again leads the way with 84 patched vulnerabilities. The most dangerous of these produced a warning from the U.S. Cybersecurity and Infrastructure Security Agency (CISA), while another update rolled back protections against macro-exploiting malware.
Other patches for this month include:
- A variety of Adobe products,
- Cisco security updates,
- over 30 Azure disaster recovery privilege escalation bugs,
- SAP patches, and
- VMware vCenter Server flaws.
As an IT manager, you’ll want to start with the aforementioned Microsoft patches, which fix vulnerabilities that allow security feature bypass, remote code execution, information disclosure, denial of service, and/or elevation of privilege.
Oftentimes, we think of patches as the final resolution for vulnerabilities. However, four of the patches this month apply to elevation-of-privilege vulnerabilities in Windows Print Spooler – something Microsoft has been patching for over a year.
Now, they aren’t all dire. Some less urgent patches fix bugs instead of vulnerabilities. For example, Microsoft fixed an issue where Office documents stored in the cloud would crash when users tried to open, close, save, upload or download the files.
Before we get too far down one path, let’s start by breaking down this month’s security patches and updates.
CISA Update Warning
Let’s start with the most timely patches.
CISA allows government agencies only three weeks to apply this month’s Windows patches because of the severity of CVE-2022-22047. This actively abused vulnerability permits local privilege escalation in both server and client Windows installations.
In other words, attackers can gain SYSTEM privileges, which would allow them to disable local endpoint detection and security tools. Once those tools are disabled, the attackers can disable logs and alerts, and proceed with their attacks with near invisibility from other monitoring and tracking.
CISA’s update requirement only applies to government agencies, but the active exploitation should provide urgency to the rest of us.
Despite that urgency, make sure to also maintain your discipline to perform backups and prepare operational contingencies in case the backups fail.
Rogers Update Crashes the Canadian Internet
On July 8, Canadian telecommunications giant Rogers suffered a massive outage that caused chaos for users across the country, including:
- 25% reduction in Canadian network connectivity (AKA: Internet)
- Widespread mobile phone outages
- Nation-wide blocked credit card payment transactions and ATM requests
- Disabled emergency (911) phone services
These troubles lasted most of the day, and the following week Rogers claimed that the cause was a maintenance update in their core network. The company also cautioned that scammers have already started using the outage as a pretext to phish customers.
Office Macro Security Rolled Back
One of the most noteworthy updates was Microsoft’s ‘temporary’ decision to reverse auto-blocking of VBA macros in Office documents – a feature added only last month. Microsoft did not disclose the feedback leading to the change, but security experts are concerned about surging attacks designed to exploit the re-exposed vulnerability.
Once a user infects their machine with a macro virus, the macro can also infect other files that the user opens or shares with others. While Microsoft will continue to flag documents as potentially unsafe because of their internet origin, an inattentive user can easily enable macros and trigger attacks.
Fortunately, you can still manually enable the macro-blocking policy that Microsoft disabled. The Microsoft Office group policy templates must be downloaded and installed, and then a ‘block macros’ setting must be enabled for each application.
Users that require macros can still use them, but only by going through a more difficult process which may require IT assistance the first few times through.
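One way to confirm that the ‘block macros’ setting actually landed for every application on a workstation, as an added example that is not from the original article. It assumes Office 2016 or later (registry version key 16.0) and the user-scope policy location written by the Office administrative templates; the function name is hypothetical.

```powershell
# Added example: audit the per-application policy
# "Block macros from running in Office files from the Internet".
# Assumptions: Office 2016 / 2019 / 2021 / Microsoft 365 Apps (version key 16.0),
# policy applied at user scope. Run in the context of the user being checked.
$OfficeVersion = '16.0'
$Apps          = 'access', 'excel', 'powerpoint', 'visio', 'word'
$ValueName     = 'blockcontentexecutionfrominternet'

function Get-MacroBlockStatus {
    param([string[]]$Apps, [string]$Version, [string]$ValueName)

    foreach ($app in $Apps) {
        $key   = "HKCU:\Software\Policies\Microsoft\Office\$Version\$app\Security"
        $value = $null

        # The key is absent when no policy has ever been set for this application.
        if (Test-Path -Path $key) {
            $value = (Get-ItemProperty -Path $key -Name $ValueName -ErrorAction SilentlyContinue).$ValueName
        }

        # 1 = policy enabled (macros from the internet blocked)
        # 0 = policy explicitly disabled
        # missing = not configured, so the application's default behaviour applies
        $state = if ($null -eq $value) { 'NotConfigured' } elseif ($value -eq 1) { 'Blocked' } else { 'Allowed' }

        [pscustomobject]@{
            Application = $app
            State       = $state
            PolicyValue = $value
            Key         = $key
        }
    }
}

$report = Get-MacroBlockStatus -Apps $Apps -Version $OfficeVersion -ValueName $ValueName
$report | Format-Table -AutoSize Application, State, PolicyValue

# Any application not in the 'Blocked' state still needs the setting enabled.
$gaps = @($report | Where-Object State -ne 'Blocked')
if ($gaps.Count -gt 0) {
    Write-Warning ("Macro blocking is not enforced for: " + ($gaps.Application -join ', '))
}
```

Because the setting is per application, a workstation where only Word and Excel report `Blocked` still allows internet-sourced macros in the remaining applications.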
Bringing It All Together
Although Microsoft now enables automatic patching for many Windows 10 and Windows 11 devices, unsupervised updates can lead to disabled functionality and crashes. Even worse, if your systems are not backed up properly before applying updates, they can be very difficult to recover.
Most update failures will not cause national internet failures, but Rogers’ public problems should serve as a good reminder to execute your updates in a disciplined, thoughtful, and careful manner. Some IT teams treat patching as a tedious peripheral responsibility, but outsource partners such as Ideal Integrations offer contractually enforced service-level agreements for prompt, non-disruptive patching.
Contact Ideal Integrations today at 412-349-6680, or complete the form below, to learn more about our IT outsourcing options. Our professionals provide expert services for patching, backups, cybersecurity monitoring, and many other short-term and long-term IT needs.
Stay safe, and keep your network protected!