Why you might not be done with your January Microsoft security patches

The January patching window for your firm has probably come and gone. Has it? While January included a huge release of patches, several releases in other months have provided more than one headache for the patch management community. These are the patches and updates you need to evaluate if you haven't already done so. In January, additional information came out about CVE-2022-41099, the BitLocker Security Feature Bypass Vulnerability. If you've already deployed the November or later security updates to your network and have done nothing else, you aren't done with the evaluation of this update. For this attack to be successful, the attacker needs physical access to your computer. There is much less risk for devices that have physical security and are locked or stored securely. If you have disabled the Windows Recovery Environment partition because you have alternative means to recover and reimage your devices, you are also not at risk. If you are somewhere in the middle you'll need to determine if you need to take action. You must also apply the applicable Windows security update to your WinRE. Besides disabling the recovery partition, you could also use a GitHub script to update the WinRE for this vulnerability and ensure it is patched appropriately. Additional discussions describe the potential for additional attack sequences, but it appears at this point to be an attack sequence that leads us back to theoretical attacks rather than proven attack sequences as well as remembering the long-standing Immutable Law of Security #3: If a bad actor has unrestricted physical access to your computer, it's not your computer anymore. Many administrators are still evaluating the impact of the November Kerberos hardening updates. Any patch installed on your domain controller that includes the November or later updates will have potential impact on your domain. First, determine if these updates will impact your domain. A PowerShell script is available to detect potential authentication issues that may occur in an Active Directory domain after installing these updates. As noted, "Run the script in PowerShell with domain administrator privileges from a machine with AD RSAT tools installed, such as on a domain controller. The script will output any detected compatibility issues found in the domain related to changes made for CVE-2022-37966." As noted in a Microsoft blog, the November updates caused issues with authentication, and Microsoft released an out-of-band update to fix the issue. Many patching administrators skipped over both the November and December updates waiting for issues to shake out. Next, if you can't remember the last time your organization changed the password to the Kerberos account, then you are long overdue to run this script to do so. It's recommended to change the Krbtgt password twice, waiting 24 hours between each change before changing it the second time. This is also the recommended process if you have a compromised Active Directory. It's also recommended to reset all administrator and service account passwords twice. These Kerberos updates are only in audit mode now and will be enforced later. If you are not seeing any such events in your event logs, you should be able to implement the hardening mode in advance by setting the KrbtgtFullPacSignature registry setting or waiting for the enforcement phases. As Microsoft notes, in July 2023 the default setting will be enforced. You want to look for events now before the new settings are enforced. While not enforced at this time, the impact on legacy systems should be investigated. You may need to have your team open support cases to discuss the impact and options with Microsoft. After this patch is enforced, all legacy operating systems will fail to authenticate via Kerberos. The impact of these two patching-related issues is not immediate. Don't wait too long or expect Microsoft to roll back the impact on these two patches. Both are certain to create more work for your BitLocker and AD teams.

This Cyber News was published on www.csoonline.com. Publication date: Wed, 01 Feb 2023 10:11:02 +0000


Cyber News related to Why you might not be done with your January Microsoft security patches

How to perform a proof of concept for automated discovery using Amazon Macie | AWS Security Blog - After reviewing the managed data identifiers provided by Macie and creating the custom data identifiers needed for your POC, it’s time to stage data sets that will help demonstrate the capabilities of these identifiers and better understand how ...
2 months ago Aws.amazon.com
Why you might not be done with your January Microsoft security patches - The January patching window for your firm has probably come and gone. Has it? While January included a huge release of patches, several releases in other months have provided more than one headache for the patch management community. These are the ...
1 year ago Csoonline.com
Defend Your Business: Testing Your Security Against QakBot and Black Basta Ransomware - Advertising presented to you on this service can be based on limited data, such as the website or app you are using, your non-precise location, your device type or which content you are interacting with. Information about your activity on this ...
6 months ago Securityboulevard.com
What is Biometric Security? Your Body Becomes Your Key - Advertising presented to you on this service can be based on limited data, such as the website or app you are using, your non-precise location, your device type or which content you are interacting with. Information about your activity on this ...
11 months ago Hackersonlineclub.com
US Man Jailed 8 Years for SIM Swapping and Apple Support Impersonation - Advertising presented to you on this service can be based on limited data, such as the website or app you are using, your non-precise location, your device type or which content you are interacting with. Information about your activity on this ...
1 year ago Hackread.com
Is it possible to use an external SSD to speed up your Mac - Cookies, device or similar online identifiers together with other information can be stored or read on your device to recognise it each time it connects to an app or to a website, for one or several of the purposes presented here. Advertising ...
11 months ago Hackread.com
Chained Exploits, Stolen VPN Access: Hackers Target Ivanti Users Despite Patches - Advertising presented to you on this service can be based on limited data, such as the website or app you are using, your non-precise location, your device type or which content you are interacting with. Information about your activity on this ...
10 months ago Hackread.com
Emergency patches now available for Juniper Networks routers The Register - Advertising presented to you on this service can be based on limited data, such as the website or app you are using, your non-precise location, your device type or which content you are interacting with. Information about your activity on this ...
5 months ago Packetstormsecurity.com
Google Patches Chrome Zero-Day: Confusion in V8 JavaScript - Advertising presented to you on this service can be based on limited data, such as the website or app you are using, your non-precise location, your device type or which content you are interacting with. Information about your activity on this ...
6 months ago Gbhackers.com
D3 Security at RSAC 2024: Streamline Your Security Operations with Smart SOAR - Advertising presented to you on this service can be based on limited data, such as the website or app you are using, your non-precise location, your device type or which content you are interacting with. Information about your activity on this ...
8 months ago Securityboulevard.com
Microsoft Outlook Vulnerability Exploited by Russian Forest Blizzard APT - Cookies, device or similar online identifiers together with other information can be stored or read on your device to recognise it each time it connects to an app or to a website, for one or several of the purposes presented here. Advertising ...
1 year ago Hackread.com
Microsoft: Storm-1283 Sent 927,000 Phishing Emails with Malicious OAuth Apps - Cookies, device or similar online identifiers together with other information can be stored or read on your device to recognise it each time it connects to an app or to a website, for one or several of the purposes presented here. Advertising ...
1 year ago Hackread.com
Microsoft Busts Black Market for 100s of Millions of Fraudulent Accounts - Advertising presented to you on this service can be based on limited data, such as the website or app you are using, your non-precise location, your device type or which content you are interacting with. Information about your activity on this ...
1 year ago Hackread.com
Microsoft Disables App Installer After Feature is Abused for Malware - Cookies, device or similar online identifiers together with other information can be stored or read on your device to recognise it each time it connects to an app or to a website, for one or several of the purposes presented here. Advertising ...
11 months ago Hackread.com
Spanish Police Nab Venezuelan Leader of Kelvin Security Hacker Group - Cookies, device or similar online identifiers together with other information can be stored or read on your device to recognise it each time it connects to an app or to a website, for one or several of the purposes presented here. Advertising ...
1 year ago Hackread.com
Top Data Security Issues of Remote Work - Advertising presented to you on this service can be based on limited data, such as the website or app you are using, your non-precise location, your device type or which content you are interacting with. Information about your activity on this ...
11 months ago Hackread.com
Securing Your Software Development in Compliance with CISA: How OX Security Simplifies the Process - Advertising presented to you on this service can be based on limited data, such as the website or app you are using, your non-precise location, your device type or which content you are interacting with. Information about your activity on this ...
9 months ago Securityboulevard.com
Lee County student Chromebooks hacked in 'Cyber Monday prank' - Cookies, device or similar online identifiers together with other information can be stored or read on your device to recognise it each time it connects to an app or to a website, for one or several of the purposes presented here. Advertising ...
1 year ago Nbc-2.com
Google to Delete Inactive Gmail Accounts From Today - Cookies, device or similar online identifiers together with other information can be stored or read on your device to recognise it each time it connects to an app or to a website, for one or several of the purposes presented here. Advertising ...
1 year ago Hackread.com
Particle Network's Intent-Centric Approach Aims to Simplify and Secure Web3 - Cookies, device or similar online identifiers together with other information can be stored or read on your device to recognise it each time it connects to an app or to a website, for one or several of the purposes presented here. Advertising ...
1 year ago Hackread.com
Stellar Cyber Bridges Cybersecurity Skills Gap with First-of-Its-Kind University Program - Cookies, device or similar online identifiers together with other information can be stored or read on your device to recognise it each time it connects to an app or to a website, for one or several of the purposes presented here. Advertising ...
1 year ago Hackread.com
Int'l Dog Breeding Org WALA Exposes 25GB of Pet Owners Data - Advertising presented to you on this service can be based on limited data, such as the website or app you are using, your non-precise location, your device type or which content you are interacting with. Information about your activity on this ...
1 year ago Hackread.com
Q3 2023 Cyber Attacks Statistics - Cookies, device or similar online identifiers together with other information can be stored or read on your device to recognise it each time it connects to an app or to a website, for one or several of the purposes presented here. Advertising ...
1 year ago Hackmageddon.com
Fake Lockdown Mode Exposes iOS Users to Malware Attacks - Cookies, device or similar online identifiers together with other information can be stored or read on your device to recognise it each time it connects to an app or to a website, for one or several of the purposes presented here. Advertising ...
1 year ago Hackread.com
Cryptocurrency losses reach $1.75 Billion in 2023; CeFi and Hacks Blamed - Cookies, device or similar online identifiers together with other information can be stored or read on your device to recognise it each time it connects to an app or to a website, for one or several of the purposes presented here. Advertising ...
1 year ago Hackread.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)