May’s Patch Tuesday updates make urgent patching a must | #firefox | #chrome | #microsoftedge

This past week’s Patch Tuesday started with 73 updates, but ended up (so far) with three revisions and a late addition (CVE-2022-30138) for a total of 77 vulnerabilities addressed this month. Compared with the broad set of updates released in April, we see a greater urgency in patching Windows — especially wiith three zero-days and several very serious flaws in key server and authentication areas. Exchange will require attention, too, due to new server update technology.

There were no updates this month for Microsoft browsers and Adobe Reader. And Windows 10 20H2 (we hardly knew ye) is now out of support.

You can find more information on the risks of deploying these Patch Tuesday updates in this helpful infographic, and the MSRC Center has posted a good overview of how it handles security updates here.

Key testing scenarios

Given the large number of changes included with this May patch cycle, I’ve broken down the testing scenarios into high-risk and standard-risk groups:

High Risk: These changes are likely to include functionality changes, may deprecate existing functions and will likely require creating new testing plans:

  • Test your enterprise CA certificates (both new and renewed). Your domain server KDC will automatically validate the new extensions included in this update. Look for failed validations!
  • This update includes a change to driver signatures that now include timestamp checking as well as authenticode signatures. Signed drivers should load. Unsigned drivers should not. Check your application test runs for failed driver loads. Include checks for signed EXEs and DLLs too.

The following changes are not documented as including functional changes, but will still require at least “smoke testing” before general deployment of May’s patches:

Copyright © 2022 IDG Communications, Inc.



Original Source by [author_name]

Leave a Reply

Your email address will not be published.

thirty four + = 35