In response to critical bugs in its Patch Tuesday release for January 2022, Microsoft has released several out-of-band (OOB) updates for Windows Server. After initially pulling the January Windows Server updates for further review on January 13, Microsoft made them available to download again via Windows Update the next day. Now that these issues have been resolved, Barracuda MSP recommends that all MSPs download the January 2022 security updates and the emergency OOB patches to protect their critical servers.
Technical Detail & Additional Information
WHAT IS THE THREAT?
On January 17th, 2022, Microsoft released emergency updates to fix “issues related to VPN connectivity, Windows Server domain controller restarts, virtual machine startup failures, and ReFS-formatted removable media that fails to mount” caused by the original Patch Tuesday updates to Windows Server.
According to Microsoft, these original updates addressed the following issues:
- Update KB5009624 “patches an issue where Active Directory attributes are not written correctly during an LDAP modify operation with multiple specific attribute changes.”
- Update KB5009557 “contains miscellaneous security improvements to internal OS functionality.”
- Update KB5009555 “addresses a known issue that affects Japanese Input Method Editors (IME). When you use a Japanese IME to enter text, the text might appear out of order or the text cursor might move unexpectedly in apps that use the multibyte character set (MBCS). This issue affects the Microsoft Japanese IME and third-party Japanese IMEs.”
However, following installation, Windows Server administrators reported endless Domain Controller boot loops, Hyper-V start-up issues, and loss of access to ReFS file systems. In response, Microsoft removed the January Windows Server patches from Windows Update, then reinstated them on January 14th, noting in the Windows Message Center that it was investigating these issues, before releasing the necessary fixes on January 17th.
WHY IS IT NOTEWORTHY?
Microsoft products are used and trusted by thousands of individuals and businesses worldwide. Microsoft products and devices running the Windows operating system are integrated into everyday businesses worldwide. As a result, it is difficult to estimate how many users may encounter unexpected errors as a result of these updates. However, as demonstrated by the scale of these updates, security researchers are constantly searching for and discovering new exploits in these products. It is crucial to keep these devices updated regularly, since these patches are made specifically to prevent these vulnerabilities from being exploited.
WHAT IS THE EXPOSURE OR RISK?
Microsoft’s Patch Tuesday releases usually address several vulnerabilities and exploits that could pose a significant threat to users. Many companies rely on sensitive data stored on their Windows devices and services remaining private. In many cases, these devices and services are business critical and are needed to conduct everyday business. Because the original Patch Tuesday release covers 97 CVEs, including a Windows certificate spoofing exploit, a privilege escalation vulnerability in Windows user profiles, and vulnerabilities that allow for both Denial of Service attacks and Remote Code Execution attacks, it is critical to implement these patches as soon as possible now that the potential issues are resolved.
WHAT ARE THE RECOMMENDATIONS?
Now that Microsoft has released fixes for any critical issues with their Patch Tuesday release, Barracuda MSP highly recommends downloading these security updates and the Out-of-Band patches to protect critical systems from any potential cyber attacks related to these vulnerabilities.
For more in-depth information about the recommendations, please visit the following links:
If you have any questions, please contact our Security Operations Center.