Audience: Enterprise IT Executives | Microsoft On-premise and Cloud Management
Also, this patch included a change to session key transfer. Previously, all session keys were transferred via RC4; now, with AES-SK, session key transfer is attempted via AES. An Out-of-Band patch was released on November 17th to fix the protocol transfer issue. In the long term, Microsoft is going to force all session key transfer to AES and remove support for NTLM, which will leave every version that is neither currently supported nor covered by ESU unable to authenticate at all. US Cloud recommendations are as follows:
#1. If you have legacy devices (2000, 2003, 2008 SP2, 2008 R2 w/o ESU, some Linux, some printers), you should probably create a DMZ for these devices with a dedicated domain controller that is patched no higher than September 2022.
#2. Upgrade your legacy devices as soon as possible. There will be no support options once RC4 and NTLM are disabled.
#3. Try connecting via IP address instead of domain name. This forces NTLM to be used instead of Kerberos.
#4. Enable RC4 by setting the msDS-SupportedEncryptionTypes attribute to 0x1F.
#5. Apply the Out-of-Band patch and/or the December 2022 patch as soon as possible.
#6. Contact US Cloud Support if you have any issues.
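To see which computer accounts recommendations #1 and #4 apply to, the following PowerShell is an added example, not a US Cloud script. It decodes the msDS-SupportedEncryptionTypes bitmask, lists every computer account with its enabled ciphers so legacy hosts with no AES support stand out, and wraps the #4 change in a function. It assumes the ActiveDirectory RSAT module and read (or, for the change, write) rights on computer objects; the function and parameter names are our own.

```powershell
# Added example (not US Cloud's code): audit and set msDS-SupportedEncryptionTypes.
# Requires the ActiveDirectory module; function and parameter names are ours.

# Bit values of msDS-SupportedEncryptionTypes as documented by Microsoft (MS-KILE).
$EncTypeFlags = [ordered]@{
    0x1  = 'DES-CBC-CRC'
    0x2  = 'DES-CBC-MD5'
    0x4  = 'RC4-HMAC'
    0x8  = 'AES128-CTS-HMAC-SHA1-96'
    0x10 = 'AES256-CTS-HMAC-SHA1-96'
    0x20 = 'AES256-CTS-HMAC-SHA1-96-SK'   # AES session-key support (AES-SK)
}

function ConvertFrom-EncTypeMask {
    # Turn the raw integer into the list of cipher names it enables.
    param([AllowNull()][int]$Mask)
    if (-not $Mask) { return @('(unset: domain default applies)') }
    $EncTypeFlags.Keys | Where-Object { $Mask -band $_ } | ForEach-Object { $EncTypeFlags[$_] }
}

function Get-KerberosEncTypeReport {
    # One row per computer account: name, OS, raw mask, decoded ciphers,
    # and whether RC4 and AES are explicitly allowed on that account.
    param([string]$SearchBase = (Get-ADDomain).DistinguishedName)
    Get-ADComputer -Filter * -SearchBase $SearchBase `
        -Properties 'msDS-SupportedEncryptionTypes', OperatingSystem |
    ForEach-Object {
        $mask = $_.'msDS-SupportedEncryptionTypes'
        [pscustomobject]@{
            Name       = $_.Name
            OS         = $_.OperatingSystem
            Mask       = if ($null -ne $mask) { '0x{0:X}' -f $mask } else { $null }
            Ciphers    = (ConvertFrom-EncTypeMask $mask) -join ', '
            RC4Allowed = [bool]($mask -band 0x4)
            AESAllowed = [bool]($mask -band 0x18)
        }
    }
}

# Recommendation #4: opt a legacy host back into RC4 while keeping AES enabled.
# 0x1F = DES-CRC | DES-MD5 | RC4 | AES128 | AES256, the value the advisory gives.
function Set-LegacyEncTypes {
    param([Parameter(Mandatory)][string]$ComputerName, [int]$Mask = 0x1F)
    Set-ADComputer -Identity $ComputerName -Replace @{ 'msDS-SupportedEncryptionTypes' = $Mask }
    ConvertFrom-EncTypeMask $Mask   # echo what the new mask enables
}

# Usage: list accounts with no AES bit set, i.e. the legacy systems from #1.
Get-KerberosEncTypeReport | Where-Object { -not $_.AESAllowed } |
    Sort-Object OS | Format-Table Name, OS, Mask, Ciphers -AutoSize
```

Run the report before and after applying the November or December updates; an account whose Mask column is empty has the attribute unset and inherits the domain controller's default, so it is the first place to look when a legacy device stops authenticating.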
If you’re running Hyper-V and managing VMs with System Center Virtual Machine Manager and Software Defined Networking, you will see failures when creating new VMs, adding new VNICs, and live migrating machines on Server 2019 and 2022. Microsoft has released an Out-of-Band update to fix this. We recommend you install it as soon as possible.
The list of emergency Windows Server cumulative updates released today includes:
Windows Server 2022: KB5022553
Windows Server 2019: KB5022554
A temporary fix is also available for admins who cannot immediately install today’s updates on affected SDN-based SCVMM deployments. You can find scripts for large-scale deployments on the SCVMM Management Server and further details on applying the workaround are available at US Cloud.
Some Windows 10 users who installed KB5021233 are getting a BSOD (0xc000021a). This affects all versions of Windows 10. There is no patch yet, but the issue can be fixed from the Windows Recovery Environment. Do not attempt the workaround without US Cloud support. If you are experiencing this issue, please submit a case and we’ll be happy to assist you. If you prefer to do this without US Cloud, we can provide instructions.
The infamous Play ransomware team has developed a new exploit that bypasses the URL Rewrite mitigation for ProxyNotShell and gains remote code execution via Outlook Web Access. The new exploit uses CVE-2022-41080 for privilege escalation on Exchange servers and then delivers ransomware.
Organizations with on-premises Microsoft Exchange servers on their network are advised to apply the latest Exchange security updates (the November 2022 update is the minimum patch level) or to disable OWA until the CVE-2022-41080 patch can be applied.
It is highly recommended that you install KB5019758 as soon as possible. More information available at US Cloud.