Microsoft Update – January 2023

Microsoft Updates

Get the latest Microsoft updates for enterprise IT. Share time-sensitive updates with your Microsoft infrastructure and cloud teams to avoid downtime.

Audience: Enterprise IT Executives | Microsoft On-premise and Cloud Management

Microsoft Updates

Kerberos Issues

Microsoft released the November 8th, 2022 patch with CVEs to mitigate issues with Kerberos and Netlogon, but a bug was caused within the Kerberos handshake that causes it to improperly offer protocols.

Also, this patch included a change to Session Key transfer. Previously, all session keys were transferred via RC4, and now with AES-SK, session keys are attempting to transfer via AES. An Out-of-Band patch was released on November 17th to fix the protocol transfer issue. In the long term, Microsoft is going to force all Session Key transfer to AES, and remove support for NTLM, which will make all versions not currently supported or in ESU completely unable to authenticate. US Cloud recommendations are as follows:

#1. If you have legacy devices (2000, 2003, 2008 SP2, 2008 R2 w/o ESU, some Linux, some Printers), you should probably create a DMZ for these devices with a domain controller that is patched no higher than September 2022.

#2. Upgrade your legacy devices as soon as possible. There will be no support options when RC4 and NTLM are disabled.

#3. Try connecting via IP instead of domain name. This forces NTLM over Kerberos.

#4. Enable RC4 by setting the msDS-SupportedEncryptionTypes to 0x1F.

#5. Apply the Out-of-Band patch and/or the December 2022 patch as soon as possible.

#6. Contact US Cloud Support if you have any issues.

December 2022 Patch Issues

Unfortunately, the December 2022 Patch Tuesday has some issues of its own.

If you’re running Hyper-V and managing VMs with System Center Virtual Machine Manager and Software Defined Networking, you will see failures when creating new VMs, adding new VNICs, and live migrating machines on Server 2019 and 2022. Microsoft has released an Out-of-Band to fix it. We recommend you install it as soon as possible.

The list of emergency Windows Server cumulative updates released today includes:

Windows Server 2022: KB5022553

Windows Server 2019: KB5022554

A temporary fix is also available for admins who cannot immediately install today’s updates on affected SDN-based SCVMM deployments. You can find scripts for large-scale deployments on the SCVMM Management Server and further details on applying the workaround are available at US Cloud.

Some users using Windows 10 who installed KB5021233 are getting BSOD (0xc000021a). This affects all versions of Win10. There is no current patch, but this can be fixed with the Windows Recovery Environment. Do not attempt the workaround without US Cloud support. If you are getting this issue, please submit a caseand we’ll be happy to assist you. If you feel you wish to do this without US Cloud we can provide instructions.

Exchange Online will Turn Off Basic Authorization in January

Microsoft warned that it will permanently turn off Exchange Online basic authentication starting early January 2023 to improve security.

This is the last step in warnings and detection steps they’ve included as part of September 2019 and May 2022 patches. This will be a full deprecation with no workaround. All basic auth connections will receive HTTP 401 errors. The outdated Exchange Online basic auth login method will be deprecated for Exchange ActiveSync (EAS), POP, IMAP, Remote PowerShell (RPS), Exchange Web Services (EWS), Offline Address Book (OAB), Autodiscover, and Outlook (for Windows and Mac).

The SMTP AUTH protocol used for client email submissions will also be disabled in all tenants where it’s not being used.

These protocols will be disabled for basic auth use permanently during the first week of January 2023, with no way of re-enabling it again. This will affect legacy software and legacy multi-function devices that relay directly to EXO. If you need help checking to see if Basic Auth is still in your environment, or transitioning to Modern Auth, please contact US Cloud. Your TAM can assist in providing consultation services to help you get compliant before you receive impact to your business.

New Elevation of Privilege Vulnerability for On-Prem Exchange

This new exploit uses CVE-2022-41080 to gain privilege escalation of Exchange servers and deliver ransomware.

The infamous Play ransomware team developed a new exploit for ProxyNotShell URL rewrite that bypasses the URL Rewrite mitigation to gain Remote Code Execution via Outlook Web Access. This new exploit uses CVE-2022-41080 to gain privilege escalation of Exchange servers and deliver ransomware.

Organizations with on-premises Microsoft Exchange servers on their network are advised to apply the latest Exchange security updates (with November 2022 being the minimum patch level) or disable OWA until the CVE-2022-41080 patch can be applied.

It is highly recommended that you install KB5019758 as soon as possible. More information available at US Cloud.

Get Microsoft Support for Less

Get Closer to Hassle-Free Support Today

Ready to elevate your Microsoft experience? Share a few details and we'll show you how US Cloud can streamline your services with cost-effective, personalized support.