
Patch Tuesday Mega Thread [2022-11-08]



It's patch Tuesday again! 

Heard some rumors about some more MS Exchange vulnerabilities, but no big announcements like is typical with serious vulns. 

The patch usually goes live at 10 AM PST, and almost immediately you can find a summary of everything in it on the ZDI blog.

URL for when patch goes live should be: https://www.zerodayinitiative.com/blog/2022/11/8/the-november-2022-security-update-review


Nothing too crazy this month. A patch for an ITW-exploited EoP, Mark of the Web bypass, and Exchange RCE. The patched Exchange RCE is the ProxyNotLogon one which required authentication.


On 11/8/2022 at 6:35 PM, MalwareTech said:

Nothing too crazy this month

It's pretty crazy that the Windows Server patch is killing all Kerberos authentication if you have followed advice to turn off RC4-HMAC in your domain using policies.

Steve Syfuhs has posted on Twitter: "Not official guidance, but we're seeing reports where certain auths are failing when users have their msDS-SupportedEncryptionTypes attribute explicitly being set to AES only (decimal 24, hex 0x18)." We have this problem having applied the patches. The solution seems to be to set the attribute to hex 0x1c.

The surprising thing (to me) is that this isn't causing a complete riot over the entire Windows Server customer-base. Maybe very few people have, in fact, turned off RC4-HMAC. One fun thing about this attribute is that to work out what is going on you need Myst-level skills to work out what encryption types you actually have approved:



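The bit flags behind the two values quoted in the post above (0x18 and 0x1c), as an added example that is not part of the original thread: a small decoder that lists which Kerberos encryption types an msDS-SupportedEncryptionTypes value enables and flags accounts set to AES only. The account names and sample values are constructed, and only the five encryption-type bits are decoded; higher feature-flag bits are ignored.

```python
# Added example: decode the encryption-type bits of msDS-SupportedEncryptionTypes.
# Account names below are constructed sample data, not taken from the thread.
ETYPE_BITS = {
    0x01: "DES-CBC-CRC",
    0x02: "DES-CBC-MD5",
    0x04: "RC4-HMAC",
    0x08: "AES128-CTS-HMAC-SHA1-96",
    0x10: "AES256-CTS-HMAC-SHA1-96",
}
AES_MASK = 0x08 | 0x10
ETYPE_MASK = 0x1F  # low five bits carry the encryption types


def parse_value(raw):
    """Accept an int, a decimal string ("24"), a hex string ("0x18") or None."""
    if raw is None or raw == "":
        return 0  # attribute not set on the account
    return raw if isinstance(raw, int) else int(str(raw).strip(), 0)


def decode(raw):
    """Names of the encryption types enabled by this value, lowest bit first."""
    value = parse_value(raw)
    return [name for bit, name in sorted(ETYPE_BITS.items()) if value & bit]


def is_aes_only(raw):
    """True when at least one AES type is set and no DES/RC4 bit is set."""
    etypes = parse_value(raw) & ETYPE_MASK
    return etypes != 0 and (etypes & ~AES_MASK) == 0


def added_by(old, new):
    """Encryption types enabled in `new` that were not enabled in `old`."""
    return decode(parse_value(new) & ~parse_value(old))


def audit(accounts):
    """Return the names of accounts whose value is AES only."""
    return [name for name, raw in accounts if is_aes_only(raw)]


SAMPLE = [("svc-sql", "24"), ("svc-web", "0x1c"), ("svc-old", 4),
          ("svc-unset", None), ("svc-aes256", 0x10)]

if __name__ == "__main__":
    for name, raw in SAMPLE:
        print(f"{name:11} {parse_value(raw):#06x} {decode(raw) or 'not set'}")
    print("AES-only accounts:", audit(SAMPLE))
    print("0x18 -> 0x1c adds:", added_by(0x18, 0x1C))
```

The last line of output shows that the change from 0x18 to 0x1c turns the RC4-HMAC bit back on for the account.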
