Starting my updates today (I typically wait a week to let other people be the test bed), I will update at the end tomorrow or the following day, especially if I run into any trouble.

More importantly though, there’s two substantial changes in Windows Updates this month that you should be aware of if you are not already.

KB5020805 enters the next phase for patching CVE-2022-37967.

This month’s patches do the following:

• Removes the ability to set value 1 for the KrbtgtFullPacSignature subkey.
• Moves the update to Enforcement mode (Default) (KrbtgtFullPacSignature = 3) which can be overridden by an Administrator with an explicit Audit setting.

Between now and October is your last chance to look for anything broken by this change, after October 10th patches the ability to undo this change is removed completely.

For more details see: https://support.microsoft.com/en-us/topic/kb5020805-how-to-manage-kerberos-protocol-changes-related-to-cve-2022-37967-997e9acc-67c5-48e1-8d0d-190269bf4efb

KB5021130 enters final phase of patching for CVE-2022-38023

This month’s patches are the final phase of mitigation for this issue. Last month it forced the on everyone, so hopefully you’ve seen and found anything broken, as this month removes the ability to turn this change off due to the following:

• The Windows updates released on July 11, 2023 will remove the ability to set value 1 to the RequireSeal registry subkey. This enables the Enforcement phase of CVE-2022-38023.

For more details see: https://support.microsoft.com/en-us/topic/kb5021130-how-to-manage-the-netlogon-protocol-changes-related-to-cve-2022-38023-46ea3067-3989-4d40-963c-680fd9e8ee25

Check your system logs for both of those KBs (event IDs to look for are outlined later in both articles) before patching.

Edit 1:

Just noticed that “CVE-2023-36884 - Office and Windows HTML Remote Code Execution Vulnerability” has additional remediation steps if you are not using Microsoft Defender for Office. More details and regkey included in this article: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36884

Edit 2:

Finished updates last night with no issues. Basic environment overview: Mix of physical and VMs (split between Hyper-V and VMWare), mostly worked on Windows servers last night, 2012 R2 - 2019. Updated VMs and hosts (on both platforms). Everything seems to be humming along nicely.

Just subscribed, came here for the same reasons! Hoping this place can take off, because main reason I was going to give Reddit a single of iota of traffic going forward was for the Mega Patch Tuesday Threads, those are so insanely helpful that they are the first place I go before patching now. Hopefully we’ll some going in here as well, maybe our lord and savior JoshTaco will grace us with their presence as well 🤞 🚬

Cheers!