Updates for Exchange and Microsoft Installer push Patch Tuesday testing

This is a relatively mild Patch Tuesday update from Microsoft, although two significant vulnerabilities in the Windows platform (CVE-2021-38631 and CVE-2021-41371), both related to the handling of the Remote Desktop Protocol, have been disclosed and add some urgency to applying the Windows updates. We also have another technically challenging update for Microsoft Exchange Server to manage.

Pay close attention to the Servicing Stack Update (SSU) this month, as it could affect how your apps are installed (with particular focus on the uninstall process). Microsoft has said there won’t be a C patch cycle release next month, meaning the December Patch Tuesday release should be light. You can find more information about the risks of deploying this Patch Tuesday update with this infographic.

Main test scenario

No high-risk changes were reported on the Windows platform this month. However, there is one reported functional change, and additional features:

  • You should test your printer again. Try using Notepad first, then Adobe Reader (PDF) and include images (PNG, JPG, BMP). Testing is especially important if you have the V3 printer driver.
  • If your line of business application uses COM (or heaven forbid DCOM), you will need a full burn-in test. Changes to the COM STA Threading model can lead to difficult troubleshooting scenarios.
  • Using the Microsoft Movies and TV app, play MP4 videos and check for audio problems.
  • You may not be using Internet Explorer (IE), but your applications may have a dependency on the IE component (IEFRAME.DLL). Assess your application portfolio for these key dependencies, then test for Office component integration issues and tabbed browsing.
  • Also, check Microsoft Timeline, because minor changes have been made to the way your data is managed.

The biggest issue (or engineering task) this month is the need to validate that your apps install, repair, update, and uninstall properly. Check your Windows Installer logs (0 for success). I think this is a big job because we usually focus on app installation; this time we have to see how the app is uninstalled. After the application is uninstalled, the target machine should be clean, the error log should be empty, and there should be no corrupted applications. Doing this properly will allow the next MSI Installer update to run smoothly.
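One way to script the install, repair and uninstall check described above, as an added example rather than code from the article: it drives msiexec through each phase with verbose logging, treats exit codes 0, 3010 and 1641 as success, and compares the registry's uninstall entries before and after. The script parameters `$MsiPath` and `$LogDir` are placeholders, and the update step is left out because it needs a second package.

```powershell
# Added example, not from the article. Run elevated on a disposable test machine.
# $MsiPath and $LogDir are placeholder parameters (assumptions).
param(
    [Parameter(Mandatory)] [string] $MsiPath,
    [string] $LogDir = "$env:TEMP\msi-burnin"
)

# msiexec exit codes treated as success: 0, 3010 (reboot required), 1641 (reboot initiated)
$okCodes = 0, 3010, 1641
$uninstallRoots = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
                  'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
New-Item -ItemType Directory -Path $LogDir -Force | Out-Null

function Get-UninstallKeys {
    Get-ChildItem -Path $uninstallRoots -ErrorAction SilentlyContinue | ForEach-Object Name
}

function Invoke-MsiPhase([string] $Phase, [string] $Verb) {
    $log     = Join-Path $LogDir "$Phase.log"
    $argList = "$Verb `"$MsiPath`" /qn /norestart /l*v `"$log`""
    $proc    = Start-Process msiexec.exe -ArgumentList $argList -Wait -PassThru
    # A verbose MSI log marks a failed action with "Return value 3."
    $failed  = @(Select-String -Path $log -Pattern 'Return value 3\.' -ErrorAction SilentlyContinue)
    [pscustomobject]@{
        Phase         = $Phase
        ExitCode      = $proc.ExitCode
        FailedActions = $failed.Count
        Passed        = ($okCodes -contains $proc.ExitCode) -and ($failed.Count -eq 0)
    }
}

$before  = @(Get-UninstallKeys)          # baseline of registered products
$results = @(
    Invoke-MsiPhase 'install'   '/i'
    Invoke-MsiPhase 'repair'    '/fa'
    Invoke-MsiPhase 'uninstall' '/x'
)
# Anything registered now that was not there before the install was left behind.
$leftover = @(Get-UninstallKeys | Where-Object { $before -notcontains $_ })

$results | Format-Table -AutoSize
if ($leftover) { 'Uninstall entries left behind:'; $leftover }
if (($results.Passed -contains $false) -or $leftover) { exit 1 }
```

The per-phase logs stay in `$LogDir`, so a failed phase can be traced to the action that returned 3.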

Known Issues

Each month, Microsoft includes a list of known issues related to the operating systems and platforms included in this update cycle. Here are some of the major issues associated with the latest builds from Microsoft:

  • After installing the June 21, 2021 update (KB5003690), some devices cannot install new updates, such as the July 6, 2021 update (KB5004945) or later. You will receive the error message “PSFX_E_MATCHING_BINARY_MISSING.” For more information and solutions, see KB5005322.
  • Some Windows 10 LTSC systems are having problems after installing KB4493509. Devices with multiple Asian language packs installed may receive the error “0x800f0982 – PSFX_E_MATCHING_COMPONENT_NOT_FOUND.” Microsoft is working on a fix.
  • Windows print clients may experience the following errors when connecting to remote printers that are shared on a Windows print server: 0x000006e4 (RPC_S_CANNOT_SUPPORT), 0x0000007c (ERROR_INVALID_LEVEL), 0x00000709 (ERROR_INVALID_PRINTER_NAME). Microsoft is working on this issue. We hope that there may be an out-of-band (OOB) update to address this before the December B release (Patch Tuesday). The good news here is that most of these reported printer issues relate to the enterprise environment (for example, print servers bundled with domain controllers); most home users will not be affected by security issues or printing issues.

After installing this month’s Microsoft update, connections to devices in an untrusted domain using Remote Desktop may fail to authenticate when using smart card authentication. You may receive the prompt “Your credentials are not working.” This issue was resolved using Known Issue Rollback (KIR), which is rather interesting. Microsoft now enables policy-based execution paths from managed code. If you run into problems, you can roll back the execution path of the affected files, returning that code to a “pre-patched” state. To do this successfully, you need to make sure that you have the correct policy files for your platform. You can find the relevant policy files for each version of Windows here:

One of the best ways to see if there is a known issue affecting your target platform is to check the many configuration options for downloading patch data at the Microsoft Security Update Guide site or the summary page for this month’s security update.

Major revisions

No major revisions (or even documentation updates) this month.

Mitigations and workarounds

As of November 12, Microsoft has not published any mitigations or workarounds related to this month’s update cycle.

Each month, we break the update cycle into product families (as defined by Microsoft) with the following basic groupings:

  • Browsers (Microsoft IE and Edge);
  • Microsoft Windows (desktop and server);
  • Microsoft Office;
  • Microsoft Exchange;
  • Microsoft Development Platform (ASP.NET Core, .NET Core and Chakra Core);
  • Adobe (retired???, not yet).

Browsers

Microsoft has released one important update for Microsoft Edge. At its core, this patch is a Chromium code update, but it affects the way Edge IE mode operates. The potential corporate impact of this update is small, so add this relatively easy update to your regular release schedule.

Windows

The Microsoft Windows platform received 28 updates, with three rated as critical and the remaining patches rated as critical. The biggest concerns are the two publicly reported Remote Desktop Protocol (RDP) issues (CVE-2021-38631 and CVE-2021-41371). Microsoft has worked on the RDP protocol extensively over the past year, with significant updates released on every Patch Tuesday. I’ve always had my doubts about RDP, even though Microsoft offers some guidance and tools to secure your remote desktop. Given recent supply chain problems, and the lack of a fully integrated RDP alternative, I think patching early and often is our best bet. Add this update to your Windows “Patch Now” schedule.

Microsoft Office

Microsoft released four updates, all rated as important. Affecting Access, Word, and Excel, these vulnerabilities require local access to the target system and user interaction. Unfortunately, one problem with Excel (CVE-2021-42292) has been reported as exploited (despite being listed by Microsoft as a proof of concept). Although this Office-related security issue is not “wormable,” the exploitation of a publicly reported remote code execution vulnerability significantly increases the risk for enterprise customers. Add this update to your “Patch Now” release schedule.

Microsoft Exchange Server

Microsoft released three important updates (CVE-2021-1349, CVE-2021-42305, CVE-2021-42321) for Exchange Server this month. All three updates link back to a single Knowledge Base (KB) article, KB5007049. This update will require a server reboot, and there is a distinct possibility that it could cause an installation failure or crash the Exchange Server (a “break” like no remote login). There are a number of known issues with this update related to manual installation and UAC problems. Test this update thoroughly before any production deployment.

Microsoft development platform

This month’s update is a little more interesting than usual. We have two updates (both rated critical) for Visual Studio that could lead to a privilege escalation scenario. And unusually, Microsoft has added open source project vulnerabilities from August to this month’s November update. OpenSSL, which has a critical-rated issue (CVE-2021-3711), is consumed by Microsoft Visual Studio, so the issue is considered a significant risk to Visual Studio users. This is a great call from Microsoft and really shows its commitment to this type of open source project. Add this update to your regular developer rollout schedule.

Adobe (really Reader only)

This month, Adobe has released fixes for three lower-rated issues affecting RoboHelp (APSB21-87), InCopy (APSB21-110) and the Creative Cloud desktop application (APSB21-111). While there is no update for Adobe Reader, we strongly recommend that you test your PDF printing due to changes in the Windows printing system. Also, you may need to check whether the automatic update feature still works in Adobe Reader after this month’s update is installed.