October was a busy month when it came to patches for some of the biggest names in IT. In this post we’ll recap what’s new, what you need to know and what you should do to keep your IT systems safe and secure.
ADSelfService Plus Release Notes
- MFA for Windows User Account Control: MFA may now be used to secure any UAC elevation prompts that need credentials, such as those for installing applications or making registry changes.
- Secure your organization’s business-critical equipment by implementing machine-based MFA. Users can only access the device after successfully completing identity verification with MFA, regardless of their enrolment status, participation in the self-service policy, or connectivity to the ADSelfService Plus server.
- Notification Centre: A notification centre has been added to the product to highlight significant alarms that demand admin attention. This is done to protect product security.
- The product’s Spring JAR files have been updated to version 5.3.21 in order to assure security.
- The product’s Commons Text JAR files have been upgraded to version 1.10 in order to assure security.
- A problem that resulted in an endless loop of password updates when bidirectional password sync was set up for Active Directory has now been fixed.
- The login agent crashed when the Have I been Pwned integration was turned on and HTTP was set up; this problem has been resolved.
- The Talkback APIs’ authorisation problem has been fixed.
- Now that Password Sync Agent version 2.0 is set, a memory leak problem that occasionally forced the domain controller to restart abruptly has been resolved.
- The ability for the server to establish “Scope” for users to control a certain collection of PCs has been introduced.
- The ability to migrate databases from PGSQL to MSSQL is now supported.
- German has been supported for UI localization.
- The Desktop Central Apache service has been updated to Apache 2.4.7.
Scope of Management (SoM)
- The ability to determine the Desktop Central agent’s live state has been added under SoM.
- Renaming Remote Office Names is now possible.
- To handle PCs that are outside of any IP range, you may now make a remote office the default setting.
- The problem with utilizing the CSV import to create remote offices has been resolved.
- It is now possible to archive the agent logs via the Agent Tray Icon.
- The “Allow service to interface with desktop” option is no longer necessary for the Desktop Central agent service to function.
- The problem with the Desktop Central Agent service logs increasing at random on a small number of machines has been resolved.
Patch Management Support
- Mac OS X Security Updates may now be installed automatically
- The ability to remove patches has been made available.
- There is now a way to check for service pack updates.
- The distribution of security patches with “unrated severity” is supported via automatic patch deployment.
- Optimized patch information retrieval in the “All patches” view.
- The Systems View may now be used to execute shutdown and reboot operations.
The new Endpoint MFA add-on includes MFA support for computers (Windows, Linux, macOS), servers, VPNs, network endpoints utilizing RADIUS, OWA, and other IIS web applications. This add-on is available for purchase in our store.
For further bug fixes and improvements that have been included in builds 80200 and 90000 of Endpoint Central, visit https://www.manageengine.com/products/desktop-central/dc9-readme.html
RecoveryManager Plus Release Notes
- More custom attribute data types are now supported for backup and restoration by RecoveryManager Plus.
- Custom properties that were inherited from the auxiliary classes may now be backed up and restored.
- Any Active Directory domain that has been set up may now be specified as the default domain.
- While backing up Active Directory data, there was an ES data dump issue.
- Support for modern authentication: Tenants of Microsoft 365 that have modern authentication enabled can now be configured.
- Advanced search filters: Use object attributes like sAMAccountName, Description, or any other attribute of the objects to search for specific AD objects in a backup.
MSSP EventLog Analyzer from ManageEngine
What is it?
EventLog Analyzer MSSP is the platform for security service providers that need to provide total insight into what’s occurring in each of their clients’ environments. The MSSP version of EventLog Analyzer targets the MSSP market. It facilitates positioning the product for MSSP compliance, log management, and security auditing requirements. Future versions of the disseminated edition and the MSSP edition will have different roadmaps.
EventLog Analyzer MSSP advantages:
- Secure, centralized log gathering that uses either agentless or agent-based techniques.
- By comparing occurrences throughout the network, real-time event log correlation can find security issues.
- Each client’s dashboard may be personalized.
- Perform forensic investigations in your client’s environment to ascertain the source of attacks.
- Use role-based access restrictions to make sure that only authorized workers may access data.
- The related alert emails will also mention the name of the server where the log collecting failure occurs.
- The Spring core JAR included with the product has been updated from version 5.3.18 to 5.3.21.
- The key size for SSL/TLS key exchange was increased from 1024 bits to 2048 bits for increased security.
- The failure of the log collection filter caused by the use of “contains” criteria in the message field has been resolved.
- While exporting the archives from the admin server, a security and date parsing problem was solved.
- If the location value is declared invalid following an instance migration, the archive location will return to the default path.
- The devices that ADAuditPlus inherited from EventLog Analyzer could not be configured or disabled via the ADAuditPlus console when Log360 was integrated. The problem has been addressed in EventLog Analyzer 12240.
October 2022 Patch Tuesday
Microsoft fixes 84 vulnerabilities, including two zero-days, in this month’s Patch Tuesday, an ideal complement to National Cybersecurity Awareness Month. One of the zero-days is now being actively exploited, while the other has been made public.
What is Patch Tuesday?
Every month, the second Tuesday is known as “Patch Tuesday.” On this day Microsoft releases security and non-security updates for its operating system and other connected apps. Because Microsoft has upheld the practice of issuing updates on a regular basis, IT administrators are aware of these updates and have time to prepare for them.
Why is Patch Tuesday so crucial?
Patches are regularly released to keep up with significant security updates and to address important issues or vulnerabilities. Zero-day vulnerabilities are typically also fixed on Patch Tuesday, unless the vulnerability is significant and heavily abused, in which case a separate out-of-band security update is provided to address that specific vulnerability.
Updates for two zero-day vulnerabilities discovered in Microsoft Office and the Windows COM+ Event System Service are included in October’s Patch Tuesday.
- Windows COM+ Event System Service Elevation of Privilege Vulnerability (CVE-2022-41033)
An attacker who was successful in exploiting this vulnerability may take control of the system, according to Microsoft’s alert.
- Microsoft Office Information Disclosure Vulnerability (CVE-2022-41043)
Microsoft claims that attackers could take advantage of this flaw to access users’ authentication tokens.
Microsoft Exchange zero days have no updates
In late September, the Vietnamese cybersecurity firm GTSC identified two zero days in Microsoft Exchange. The vulnerabilities, called ProxyNotShell, have been tracked as CVE-2022-41040 and CVE-2022-41082 and are now being actively exploited. Mitigation strategies to address those weaknesses in the interim have also been shared.
However, no updates for these two zero days have been made available in this month’s Patch Tuesday. The fixes are not yet ready, according to Microsoft’s security alert, but they will be made available as soon as they are.
Updates made available by third parties following last month’s Patch Tuesday
After last month’s Patch Tuesday, patches from third-party companies like Google, Apple, SAP, Cisco, Fortinet, and VMware were made available.
Patch management practices for a hybrid work environment
Even after being given the go-ahead to get back into the workplace, the majority of businesses have chosen to support remote work. This choice presents a number of difficulties for IT administrators, particularly in terms of controlling and safeguarding dispersed endpoints.
Guidelines for Remote Patching Procedure
Here are some guidelines for streamlining the remote patching procedure:
- Disable automatic updates, because a single flawed patch has the potential to crash the entire system. IT administrators can show end users how to turn off automatic updates on their devices. In order to guarantee that automatic updates are turned off, Patch Manager Plus and Endpoint Central also offer a special patch, 105427, that can be applied to endpoints.
- Prior to implementing significant updates like those from Patch Tuesday, create a restore point—a backup or image that records the status of the computers.
- Create a patching schedule and tell end users about it. It is advised to schedule a time for patch installation and system reboots. Inform end users of the steps they must take to ensure a smooth patching process.
- Before introducing the fixes into the production environment, test them on a small sample of systems. This will guarantee that the fixes do not affect how other programs function.
- Since many users work from home, their schedules may vary. In this situation, you may let end users forego deployment and scheduled reboots. They will have the freedom to do so and won’t have to worry about upgrades interfering with their job. We offer user-defined deployment and reboot options in our patch management tools.
- Most businesses use a VPN to release fixes. Install the most important security updates and critical patches first to avoid patch jobs using up your VPN bandwidth. Given that feature packs and cumulative updates are large upgrades that use a lot of bandwidth, you might wish to delay installing them.
- Plan to install the non-security updates and the security updates that are not rated Critical some time after Patch Tuesday, such as in the third or fourth week of the month. If you believe a certain update is not necessary for your environment, you can also decide to reject it.
- Run patch reports to receive a comprehensive picture of your endpoints’ health.
- Check to see if the computers used by users who are returning to the office after working remotely comply with your security requirements. Quarantine them if necessary.
- Before deciding that your back-to-office computers are ready for production, install the most recent upgrades and feature packs.
- Take stock of your back-to-office devices’ apps, such as remote collaboration software, and eliminate any that are currently out of date.
The whole patch management process, from testing patches to distributing them, can be fully automated using Endpoint Central or Patch Manager Plus. Patch jobs can also be modified to suit your present requirements. Try a free, 30-day trial of one of these tools for a hands-on experience and keep thousands of programs patched and protected.
Looking for additional information on Patch Tuesday updates? Join our experts as they dissect and provide in-depth analysis of this month’s Patch Tuesday releases. You may also ask our subject matter experts questions and have all your Patch Tuesday-related inquiries answered. Join our free Patch Tuesday webinar by registering.
Get your patches fixed now!
Patch Tuesday security patches for October 2022
These products, features, and roles all received security upgrades.
- Active Directory Domain Services
- Azure Arc
- Client Server Run-time Subsystem (CSRSS)
- Microsoft Edge (Chromium-based)
- Microsoft Graphics Component
- Microsoft Office
- Microsoft Office SharePoint
- Microsoft Office Word
- Microsoft WDAC OLE DB provider for SQL
- NuGet Client
- Remote Access Service Point-to-Point Tunneling Protocol
- Role: Windows Hyper-V
- Service Fabric
- Visual Studio Code
- Windows Active Directory Certificate Services
- Windows ALPC
- Windows CD-ROM Driver
- Windows COM+ Event System Service
- Windows Connected User Experiences and Telemetry
- Windows CryptoAPI
- Windows Defender
…and many more – visit https://msrc.microsoft.com/update-guide/releaseNote/2022-Oct
October Patch Tuesday 2022
If you have any questions or concerns arising from the October ’22 Patch Tuesday, don’t hesitate to contact our team, who will be able to guide you through the update process to make sure you’re fully patched up and secure.
If you have an IT Problem then we’ve got the IT Solution, call us on +353-1-2304242 or contact us online for more info!