Tuesday , March 21 2023

Disappearing SMBv3 patch, non-security office patches and a previously milder patch on Tuesday

Almost 24 hours have passed since the Patch Tuesday patches were launched this month. The good news: Almost everyone who repairs individual machines reports smooth sailing.

This is remarkable given the number of problems Disappearing symbols of the past month (temporary profile) mistakes and the infinite Litany of complaints Information about the last patch “Optional, non-security relevant C / D week”. As I can best judge, none of these issues have been officially recognized, and if they are still patched up with yesterday’s patches, people won’t complain about them. Still.

Of course, the usual problems when installing the patches still occur – error 0x800f0900 seems to be special productive on reddit – but at this early stage I don’t see any debilitating problems.

That can change. Many patchers have other problems in their minds and the day is still young.

Duplicate updates

I have seen numerous reports from duplicate updates in Windows update listsSpecifically for Windows 8.1, a .Net quality rollup and the monthly Server 2012 R2 rollup. Having the same identical patch listed twice in an update list does not create trust.

It looks like Microsoft cleaned up the list over night. At this time there are 110 “2020-03” entries in the Microsoft Update Catalog – that means 110 individual patches – three less than last night.

Less is better, yes?

Additional office updates

It looks like Microsoft has used Patch Tuesday to release additional non-security patches for Office. Typically, the non-security office patches are released on the first Tuesday of the month, however this announcement contains links to all of these new non-security office patches:

Excel 2016 March 10, 2020, update for Excel 2016 (KB4011130)
Office 2016 March 3, 2020, update for Office 2016 (KB4484247)
Office 2016 March 10, 2020, update for Office 2016 (KB3213653)
Outlook 2016 March 10, 2020, update for Outlook 2016 (KB4462111)
PowerPoint 2016 March 10, 2020, update for PowerPoint 2016 (KB3085405)
Project 2016 March 10, 2020, update for project 2016 (KB3085454)
Skype for Business 2016 March 3, 2020, update for Skype for Business 2016 (KB4484245)
Skype for Business 2015 (Lync 2013) March 3, 2020, update for Skype for Business 2015 (Lync 2013) (KB4484097)
Office 2016 voice interface package March 3, 2020, update for Office 2016 Language Interface Pack (KB4484136)

Remarkably, these patches are not listed in the official one Latest non-security updates for versions of Office that use Windows Installer (MSI) Post Office.

The strange case of CVE-2020-0796 & # 39; CoronaBlue & # 39;

Another mishap in patch timing: the SMBv3 patch described in Microsoft Security Advisory ADV200005 | Microsoft’s guide to disabling SMBv3 compression has caused all sorts of dismay among administrators responsible for networks with SMBv3.

In short, Microsoft appeared to have the patch ready to use, but pulled it off at the last minute. Microsoft warned security software manufacturers in advance that the patch would come (a common practice), but didn’t shout, “Stop the presses!” in time to keep the cows in the stable. Two organizations inside accidentally published descriptions and then pulled them. History raced through the blogosphere.

The hole is wormable that it can spread without human interaction. “Could” be the operable term: A potential exploit faces enormous challenges.

First, Microsoft has not officially announced the hole and has not released a fix. After the hand was forced, Microsoft released the on Tuesday evening Safety notice, what says:

Microsoft is aware of a remote code execution vulnerability because the Microsoft Server Message Block 3.1.1 protocol (SMBv3) processes certain requests. An attacker who successfully exploited the vulnerability could run code on the target SMB server or SMB client.

At this point it just seems that Servers 2013 and 2019 are affected. Microsoft has a manual workaround. No exploits are known, however ZDNet’s Catalin Cimpanu just tweeted::

I have now seen / talked to 3 different people who claimed they found the bug in less than 5 minutes. I’m not surprised when exploits appear online at the end of the day.

If you are responsible for a network with SMBv3, you can find out about the developments by reading Satnam Narang on TenableSergiu Gatlan at BleepingComputer, Catalin Cimpanu at ZDNet and Dan Goodin for the past few hours at Ars Technica. It is an active one Discussion on AskWoody. You should also follow @msftsecresponse on Twitter.

About Nikola Dodson

She is a Chicago blogger and tech enthusiast.

Check Also

Microsoft enforces Bing for Chrome users in the enterprise

Microsoft tacitly announced last week that it would change the default Chrome to Bing search …

Leave a Reply

Your email address will not be published.