Will 'joshtaco' be here?
this post was submitted on 11 Jul 2023
57 points (98.3% liked)
Sysadmin
7566 readers
1 users here now
A community dedicated to the profession of IT Systems Administration
No generic Lemmy issue posts please! Posts about Lemmy belong in one of these communities:
[email protected]
[email protected]
[email protected]
[email protected]
founded 1 year ago
MODERATORS
I don't know, go ask him... seriously, we need contributors. :D
yep, I've not been back to reddit since RIF stopped working but need more people posting!
Starting my updates today (I typically wait a week to let other people be the test bed), I will update at the end tomorrow or the following day, especially if I run into any trouble.
More importantly though, there's two substantial changes in Windows Updates this month that you should be aware of if you are not already.
KB5020805 enters the next phase for patching CVE-2022-37967.
This month's patches do the following:
- Removes the ability to set value 1 for the KrbtgtFullPacSignature subkey.
- Moves the update to Enforcement mode (Default) (KrbtgtFullPacSignature = 3) which can be overridden by an Administrator with an explicit Audit setting.
Between now and October is your last chance to look for anything broken by this change, after October 10th patches the ability to undo this change is removed completely.
For more details see: https://support.microsoft.com/en-us/topic/kb5020805-how-to-manage-kerberos-protocol-changes-related-to-cve-2022-37967-997e9acc-67c5-48e1-8d0d-190269bf4efb
KB5021130 enters final phase of patching for CVE-2022-38023
This month's patches are the final phase of mitigation for this issue. Last month it forced the on everyone, so hopefully you've seen and found anything broken, as this month removes the ability to turn this change off due to the following:
- The Windows updates released on July 11, 2023 will remove the ability to set value 1 to the RequireSeal registry subkey. This enables the Enforcement phase of CVE-2022-38023.
For more details see: https://support.microsoft.com/en-us/topic/kb5021130-how-to-manage-the-netlogon-protocol-changes-related-to-cve-2022-38023-46ea3067-3989-4d40-963c-680fd9e8ee25
Check your system logs for both of those KBs (event IDs to look for are outlined later in both articles) before patching.
Edit 1:
Just noticed that "CVE-2023-36884 - Office and Windows HTML Remote Code Execution Vulnerability" has additional remediation steps if you are not using Microsoft Defender for Office. More details and regkey included in this article: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36884
Edit 2:
Finished updates last night with no issues. Basic environment overview: Mix of physical and VMs (split between Hyper-V and VMWare), mostly worked on Windows servers last night, 2012 R2 - 2019. Updated VMs and hosts (on both platforms). Everything seems to be humming along nicely.
Bleeping computer patch notes: https://www.bleepingcomputer.com/news/microsoft/microsoft-july-2023-patch-tuesday-warns-of-6-zero-days-132-flaws/
Zero day patch notes: https://www.zerodayinitiative.com/blog/2023/7/10/the-july-2023-security-update-review
Lansweeper: https://www.lansweeper.com/patch-tuesday/microsoft-patch-tuesday-july-2023/
Is it automated yet? (The autoposting that is)
So.... What has Microsoft broke this month? How is the patching going everyone?
We did a gitlab upgrade last week to 16.1and it went fine, but I noticed they never put out a vanilla v16.1.0 tag for gitlab-runner. There exist images such as Ubuntu-v16.1.0 but we usually just use the vanilla one. Anyone know what's up about that?
view more: next ›