As we enter the second half of 2023, preparations are underway for the upcoming Patch Tuesday, the monthly event that brings updates and fixes to various software and operating systems. But before we delve into the details of what to expect, let’s take a brief look back at the developments of June.
June 2023’s Patch Tuesday saw the release of a standard set of updates from Microsoft. Windows 11 received fixes for 32 Common Vulnerabilities and Exposures (CVEs), while Windows 10 had 36 CVEs addressed. It is worth noting that these updates also apply to relevant server versions. Although some older zero-day vulnerabilities received informational updates, no new ones were discovered during this period.
Moving on to July’s forecast, Microsoft has been gradually implementing security measures with new Kerberos and NetLogon default settings. If you have not been following these changes closely, it is advisable to refer to Microsoft’s articles on managing the Kerberos Protocol changes related to CVE-2022-37967 and the Netlogon protocol changes related to CVE-2022-38023. Additionally, critical updates were released for the .NET framework, addressing six vulnerabilities that require attention.
However, not everything has been smooth sailing for Microsoft and its users. Numerous reports throughout June highlighted issues caused by the June releases and other problems within Microsoft software and services, leading to instability. These occurrences may hint at a potentially eventful Patch Tuesday in July.
One notable incident occurred when the application of the Windows 11 22H2 KB5027231 cumulative update broke Google Chrome for users running Malwarebytes, Cisco Secure Endpoint, and WatchGuard Endpoint Security. These users found themselves unable to launch Google Chrome, and there was no simple way to remove the Microsoft update. Consequently, affected companies had to provide temporary workarounds until software fixes were implemented.
Additionally, Microsoft faced troubles of its own as users began reporting problems with Microsoft 365 Applications, Microsoft Outlook, and Microsoft Teams. These issues ranged from failure to launch, slow performance, random starting and stopping, to licensing failures. In the midst of these troubles, researchers discovered an exploit in Microsoft Teams that could be leveraged to distribute malware. External tenants were able to bypass restrictions on incoming files, creating a potential avenue for malicious attacks. Microsoft has not provided extensive public statements on these matters, but with Patch Tuesday approaching, more information may come to light.
In other news, Apple dealt with three new zero-day vulnerabilities in June. CVE-2023-32434 and CVE-2023-32435 affected iOS and were associated with the Triangulation spyware. Another zero-day vulnerability, CVE-2023-32439, was found in WebKit and could enable attackers to execute arbitrary code on unpatched devices. For the latest updates on Apple’s applications, iOS, and macOS security, users can refer to the Apple Security Updates page.
Looking ahead to July’s Patch Tuesday, several expectations and speculations arise. Microsoft will likely provide regular updates for its operating systems and applications. As a critical .NET framework release occurred in June, it is less likely for a similar release this month. Additionally, since Microsoft released updates for Exchange Server in the previous month, it is possible that there may not be updates specifically for Exchange Server in July. However, given the online issues experienced with Microsoft 365 Applications, application updates and some Azure updates are anticipated, particularly if there are communication or hosting-related problems.
Adobe Acrobat and Reader were also absent from the June updates, with the last release occurring in April. It is highly probable that an update for these applications will be forthcoming soon.
As for Apple, since the zero-day vulnerabilities were addressed on June 21st, it is unlikely that a new set of updates will be released in the immediate future. It is also worth mentioning that the beta version of Sonoma, Apple’s new operating system, is now available, with a planned release later in the year.
In Chrome OS news, the Stable channel was updated to version 114.0.5735.205, and the Beta channel for Desktop reached version 115.0.5790.56 for Windows, Linux, and Mac. Based on this progress, an announcement regarding the Stable channel can be expected in the coming week.
Mozilla released Firefox 115, Firefox ESR 102.13, and Thunderbird 102.13 on July 4th. Therefore, it is unlikely that another update will be issued in the upcoming Patch Tuesday.
Furthermore, Oracle Critical Patch Updates are scheduled for July 18th, allowing users to obtain updates for Oracle products, including Java, in the week following Patch Tuesday.
In preparation for the upcoming Patch Tuesday, it is advisable to deploy the updates from Apple and Mozilla. Given the unresolved issues surrounding Microsoft in June, it is crucial to closely monitor the Knowledge Base updates to determine whether any disruptions or issues with applications or operating systems have been addressed.