July 2022 Patch Tuesday came and went quietly as expected. Microsoft addressed 40 CVEs in Windows 11 and 46 CVEs in the Windows 10 set of updates. It was a little unusual because there were no Microsoft SharePoint Server updates for the first time in several years. Don’t forget that Oracle released their Critical Patch Updates (CPU) last month as well.
Java gets the most attention and last month there were only 5 CVEs addressed with CVSS scores ranging from 5.3 to 7.9. Looking ahead to next week, we have a server end-of-life and still more updates that can impact printers.
Microsoft is ending their Windows Server Semi-Annual Channel (SAC) support this month. Windows Server 20H2 reaches end-of-support on August 9 and it will be the last of the SAC versions. There will be no more security updates for this version.
Microsoft has shifted to their Long-Term Service Channel (LTSC) for server support which they plan to release every 2-3 years and provide 5 years of regular support with an additional 5 years of extended security support.
Windows Server 2019 and Windows Server 2022 are the latest LTSC versions, with regular support until January 2024 and October 2026 respectively. If you are running Windows Server 20H2 you are encouraged to update to one of the LTSC releases but be advised you will need to install a clean update from scratch so plan accordingly.
Microsoft is also removing the temporary mitigation for CVE-2021-33764 this Patch Tuesday. This mitigation allowed administrators to configure domain controllers to work with RFC-4456 incompatible printers. There have been several updates to KB5005408 throughout the year to help administrators identify and manage these non-compliant printers.
Per Microsoft, effective August 9, “Smartcard-authenticating printers and scanners must be compliant with section 3.2.1 of the RFC 4556 specification required for CVE-2021-33764 after installing these updates or later on Active Directory domain controllers.” This could be disruptive if you have not planned and updated your printers. If you’re not sure about the impact for your environment, the August preview released on July 21st removes the mitigation and will block printing on non-compliant devices.
August 2022 Patch Tuesday forecast
- Expect a SharePoint server update to be included with the usual Office and Windows operating systems updates this month. Test before the rollout to ensure the new settings don’t disrupt your printing functionality.
- There are 6 months of ESU releases remaining for Windows 7 and Windows Server 2008/2008 R2 if you count the one coming next week. You should be planning to retire these workhorse operating systems soon.
- The anticipated major quarterly update for Adobe Acrobat and Reader came last Patch Tuesday. There could be a minor update, but there are no pre-notifications on the Adobe security site.
- Apple released Catalina 22-05, Big Sur 11.6.8, Monterey 12.5 and Safari 15.6 on July 20th. Make sure you are patching your systems to take advantage of these security updates. I don’t expect another update anytime soon unless a critical vulnerability is discovered.
- The stable channel for ChromeOS was updated to 104.0.5112.83 today. It contains 5 reported vulnerabilities rated High and 2 rated Medium. The stable channel for Desktop was updated on Tuesday with 27 security fixes. Review the Google announcement blog for more details.
- Mozilla released security updates for their applications the last week of July. Firefox 103, Firefox ESR 91.12, Firefox ESR 102.1, Thunderbird 91.12 and Thunderbird 102.1 were all updated. I wouldn’t expect any updates next week.
All the major vendors have provided their security updates in the past week or two so it will be the Microsoft show next week. With all our attention on PrintNightmare, I hope everyone has a good handle on their printer situation and applying these latest updates will be ‘relatively’ trouble-free.