With a CVSS score of 7.8, CVE-2022-41033 is not exactly critically severe, although it is a zero-day vulnerability, meaning it is being actively targeted through a publicly available exploit.

Critical Severity Vulnerability Patches from October Patch Tuesday

CVE-2022-41033

First up is CVE-2022-41033, an elevation of privilege (EoP) vulnerability residing in Windows COM+ Event System Service. However, the October patchload takes care of plenty of other serious bugs in Windows Components, Office and Office Components, Microsoft Edge (Chromium-based), Azure/Azure Arc/Azure DevOps, Windows Resilient File System (ReFS), Active Directory Domain Services and Active Directory Certificate Services, Hyper-V, Visual Studio Code, and NuGet Client. Organizations that reacted to the ProxyShell vulnerability should also pay close attention to this, taking their lessons learned on rapid remediation, as this vulnerability can potentially see increased exploitation.” The company didn’t mention a timeline for the patches to NotProxyShell, both of which are being actively exploited in the wild.

Ankit Malhotra, manager of Signature Engineering at Qualys, noted in a blog post, “It’s worth noting that Microsoft has had to revise the mitigation for CVE-2022-41040 more than once, as the suggested URL rewrite Mitigation was bypassed multiple times. For the two unpatched Exchange Server vulnerabilities, dubbed NotProxyShell, Microsoft recommended admins apply mitigation while they work on a fix. “If that happens, 2022 would be the second busiest year for Microsoft CVEs,” noted Dustin Childs of Trend Micro’s Zero Day Initiative.

15 of the 85 vulnerabilities addressed in the October Patch Tuesday are rated Critical in severity, 69 as Important and one as moderately severe.
Microsoft is all set to cross last year’s total vulnerability patch count of 1,200 in 2022, with the total number of CVEs addressed until October Patch Tuesday hovering around the 1,100 mark. What is unusual, however, is that the company has failed to develop a patch for the two Exchange Server vulnerabilities that came to light earlier this month. Once you are happy to deploy to all clients you just need to un-tick this option and apply the changes.

On Tuesday, Microsoft rolled out security patches for 85 vulnerabilities, a number not unusual for the company’s October Patch Tuesday. Those clients you do wish to run the latest version can be manually upgraded. This of course will depend on your setup – in my case I allowed a week. Now all we need to do is allow time for the policy change to propagate throughout the network to all OfficeScan agents. Select the tick box next to this option and then click to ‘Apply to All Agents’. ‘OfficeScan agents can update components but not upgrade the agent program or deploy hot fixes’ Click the ‘Other Settings’ tab, the option we need to configure is highlighted. Click the ‘Settings’ option and then select ‘Privileges and Other Settings’.

A new browser window should open allowing us access to these configuration options. Now that we have the root object selected we can start configuring our policy options. Next we need to highlight the root OfficeScan object in the agent tree to ensure all clients receive the policy. As I can’t know what your policy layout is you may actually need to carry out this step differently but I am going to assume a setup where the policy is being applied at the root level and inherited by all sub-clients. To do this select the ‘Agents’ menu and then choose ‘Agent Management’. If you try and rush ahead with the server side upgrade you may have agents which are running an old policy allowing them to upgrade.

Firstly we need to log on to the OfficeScan web management console and modify our agent policy.
I strongly recommend you make these changes and then allow a sensible amount of time for all agents to detect the change. In this post I will quickly cover how to disable the OfficeScan management server pushing automatic agent upgrades.

Firstly we must consider the following BEFORE upgrading the server side – changes made on the server side will take time to propagate throughout the network. When it comes to a major upgrade I prefer to deploy to a small subset of clients for testing and gradually roll out to more departments over a period of time. Sometimes you want this, for example you might just be applying a minor hotfix or update which you want all clients to receive ASAP. Typically once the server side software has been upgraded it automatically begins to push out the new program version to all OfficeScan agents. I recently upgraded one of our Trend Micro OfficeScan management servers to the latest ‘XG’ (v12) version.