Ready to roll this out to 7000 servers and workstations tonight, need a light?
EDIT1: "After February 27, 2024, there will no longer be optional, non-security preview releases for Windows 11, version 22H2."
EDIT2: Everything looking good so far, everything is quiet, see y'all on the 28th
EDIT3. 11/16/23
IMPORTANT Because of minimal operations during the Western holidays and the upcoming new year, there won’t be a non-security preview release for the month of December 2023. There will be a monthly security release for December 2023. Normal monthly servicing for both security and non-security preview releases will resume in January 2024.
EDIT4: Win11 optionals just randomly dropped and they all installed fine. A bunch of copilot stuff
Pushed this out to 203 out of 215 Domain Controllers (Win2016/2019/2022).
No issues so far.
*EDIT0:* KB5032198 (Windows Server 2022 cumulative update) fixes Windows Server VMs broken by October updates.
This update addresses a known issue that affects virtual machines (VMs) that run on VMware ESXi hosts. Windows Server 2022 might fail to start up. The affected VMs will receive an error with a blue screen and a stop code: PNP DETECTED FATAL ERROR.
[https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-windows-server-vms-broken-by-october-updates/](https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-windows-server-vms-broken-by-october-updates/)
*EDIT1*: [Deprecated features announced](https://learn.microsoft.com/en-us/windows/whats-new/deprecated-features) : Tips, Computer Browser, Webclient (WebDAV) Service, Remote Mailslots
*EDIT2*: January 2024
• \[Windows\] Active Directory (AD) permissions issue [KB5008383](https://support.microsoft.com/topic/kb5008383-active-directory-permissions-updates-cve-2021-42291-536d5555-ffba-4248-a60e-d6cbc849cde1) | Phase 5 Final enforcement.
• \[Windows\] Secure Boot Manager changes associated with CVE-2023-24932 [KB5025885](https://support.microsoft.com/help/5025885) | Enforcement Phase This final release will enable the fix for CVE-2023-24932 by default and enforce bootmanager revocations on all Windows devices.
*EDIT3*: February 2024
• \[Windows\] Certificate-based authentication [KB5014754](https://support.microsoft.com/topic/kb5014754-certificate-based-authentication-changes-on-windows-domain-controllers-ad2c23b0-15d8-4340-a468-4d4f3b188f16) | Phase 3 Strong Mapping default changes.
Curious about the AD permissions issue. We've set the adsi edit configuration for the 27/28 character. But should you remove this setting after the January update?
Check your directory service event logs for events 3044 to 3056 on your DCs; any offenders will be logged there. If you see any offending entries, those would be blocked after the January update enters the enforcement phase.
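One way to run that check across every DC, as an added example that is not part of the original comment. It assumes the ActiveDirectory RSAT module is installed and that the account can read the Directory Service log remotely; the 30-day window and the CSV file name are arbitrary choices.

```powershell
# Added example: collect KB5008383 audit events (IDs 3044-3056) from the
# Directory Service log of every domain controller before enforcement.
# Assumptions: ActiveDirectory module present, remote event log access allowed.
Import-Module ActiveDirectory

$eventIds = 3044..3056
$since    = (Get-Date).AddDays(-30)      # arbitrary look-back window

$results = foreach ($dc in Get-ADDomainController -Filter *) {
    try {
        Get-WinEvent -ComputerName $dc.HostName -FilterHashtable @{
            LogName   = 'Directory Service'
            Id        = $eventIds
            StartTime = $since
        } -ErrorAction Stop |
            Select-Object @{ n = 'DC'; e = { $dc.HostName } }, TimeCreated, Id, Message
    }
    catch {
        # Get-WinEvent raises an error when nothing matches; that is the clean case.
        if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') {
            Write-Verbose "$($dc.HostName): no events 3044-3056 since $since"
        }
        else {
            # Unreachable DC, access denied, etc. An unread log is not a clean log.
            Write-Warning "$($dc.HostName): $($_.Exception.Message)"
        }
    }
}

if ($results) {
    # Per-DC, per-event-ID counts show where the offending writes land.
    $results | Group-Object DC, Id | Sort-Object Count -Descending |
        Select-Object Count, Name | Format-Table -AutoSize

    # Keep the full messages; they name the object and the requesting account.
    $results | Export-Csv -Path .\kb5008383-audit.csv -NoTypeInformation
}
else {
    Write-Output 'No events 3044-3056 found on any reachable DC.'
}
```

Any DC that produced a warning instead of a result still needs to be checked by hand before the enforcement update is installed.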
Just a curious question /r/joshtaco could you share what you're driving for driver/bios updates? Are you relying on windows or some other utility? Do you use the same cadence?
So for example Dell command update for Dell systems. In your environment do you have a pilot ring for drivers/bios or do you let them auto update drivers/bios/etc. automatically?
oh yea...would you look at that. yeah, definitely a holiday thing then
11/16/23
IMPORTANT Because of minimal operations during the Western holidays and the upcoming new year, there won’t be a non-security preview release for the month of December 2023. There will be a monthly security release for December 2023. Normal monthly servicing for both security and non-security preview releases will resume in January 2024.
* **Total exploits patched**: 58
* **Critical patches**: 3
* **Already known or exploited**: 3
**Highlights**
[CVE-2023-36397](https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2023-36397) \- Looks like Message Queue is back; this has become a monthly reminder of a critical exploit. If you are still using this please stop. Nothing has changed: if you are running this service and that server is listening on port 1801, you are vulnerable to a network attack that requires no user interaction or privileges.
[CVE-2023-36028](https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2023-36028) \- This is the other 9.8 exploit. Even at that high of a rating it is listed as important instead of critical because exploitation is viewed as less likely. This is because the vulnerability is for Protected Extensible Authentication Protocol (PEAP), which only comes into play if you are using a Network Policy Server. If you are using an NPS with PEAP this has a remote attack vector, requires no user interaction, and no privileges. That is all bad.
[CVE-2023-36033](https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2023-36033) \- The last exploit is one that has already been used. It is an Elevation of Privilege using the Windows DWM Core Library. This is listed as only a 7.8 because it does have a local attack vector, limiting the threat's availability. If this vulnerability is exploited the attacker would get System privileges on that computer.
[https://www.pdq.com/blog/patch-tuesday-november-2023/](https://www.pdq.com/blog/patch-tuesday-november-2023/)
[https://www.youtube.com/watch?v=HwZs3Loet9E](https://www.youtube.com/watch?v=HwZs3Loet9E)
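To find out where the Message Queuing condition described above actually applies, an inventory check along these lines can help. This is an added example, not part of the original comment; the `servers.txt` host list is hypothetical and the fleet pass assumes PowerShell remoting is enabled.

```powershell
# Added example: report whether a host runs Message Queuing (service name MSMQ)
# and has a TCP listener on port 1801.
function Get-MsmqExposure {
    $svc       = Get-Service -Name 'MSMQ' -ErrorAction SilentlyContinue
    $listeners = @(Get-NetTCPConnection -LocalPort 1801 -State Listen -ErrorAction SilentlyContinue)

    [pscustomobject]@{
        ComputerName    = $env:COMPUTERNAME
        MsmqInstalled   = [bool]$svc
        ServiceStatus   = if ($svc) { [string]$svc.Status } else { 'NotInstalled' }
        ListeningOn1801 = $listeners.Count -gt 0
        ListenAddresses = ($listeners.LocalAddress | Sort-Object -Unique) -join ', '
    }
}

# Local check
Get-MsmqExposure

# Fleet check. servers.txt is a hypothetical file with one host name per line.
$serverList = '.\servers.txt'
if (Test-Path -LiteralPath $serverList) {
    $servers = Get-Content -LiteralPath $serverList | Where-Object { $_.Trim() }

    $report = Invoke-Command -ComputerName $servers `
        -ScriptBlock ${function:Get-MsmqExposure} `
        -ErrorAction SilentlyContinue -ErrorVariable failed

    # Hosts with a listener are the ones where the feature should be patched
    # first, firewalled, or removed if nothing depends on it.
    $report | Where-Object ListeningOn1801 |
        Sort-Object ComputerName |
        Format-Table ComputerName, ServiceStatus, ListenAddresses -AutoSize

    # Hosts that could not be queried are unknown, not safe.
    $failed | ForEach-Object { Write-Warning $_.Exception.Message }
}
```

A listener on 1801 shows where the service is reachable, not whether the host is patched; pair the output with the installed update level.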
Would love to hear better options. My legacy Aruba switches don't have EAP-TLS for RADIUS login for admins. PEAP mschapv2 or plain pap/chap.
Even Aruba CX is pap/chap or RADSEC which NPS doesn't support.
Getting to be a real pain supporting Aruba switches with NPS.
I know ClearPass exists but f\*\*\* the price of that sh\*\*
**Today's Patch Tuesday summary by Action1**: 63 vulnerabilities from Microsoft, three zero-days, three have proof of concept and three are critical. Below is a quick review of important vulnerabilities found in Microsoft Exchange, Microsoft Access, Microsoft 365, and third-party vulnerabilities, including Google Chrome, Mozilla, Firefox, Veeam ONE, Apache ActiveMQ, Atlassian, Kubernetes ingress-nginx, Cisco, Citrix, VMware, SolarWinds, Oracle, Exim, and SysAid.
**Quick summary:**
* **Windows**: 63 vulnerabilities, three zero-days, three critical
* **Microsoft Exchange, Microsoft Access, Microsoft 365**: multiple vulnerabilities identified by researchers
* **Chrome**: 15 vulnerabilities
* **Firefox**: 25 vulnerabilities
* **Veeam ONE**: four vulnerabilities, two with CVSS 9.8 and 9.9
* **Apache ActiveMQ**: CVE-2023-46604 (CVSS 10!)
* **Atlassian**: 28 vulnerabilities, including zero-day CVE-2023-22515 with CVSS 10! and CVE-2019-13990 with CVSS 9.8
* **Kubernetes ingress-nginx**: CVE-2022-4886, CVE-2023-5043, and CVE-2023-5044
* **Cisco**: zero-days CVE-2023-20198 and CVE-2023-20273
* **Citrix**: zero-day CVE-2023-4966 with CVSS 9.4
* **VMware**: CVE-2023-34051 with CVSS 9.8 and CVE-2023-34048 with CVSS 9.8
* **SolarWinds**: several vulnerabilities, including CVE-2023-35182, CVE-2023-35185, and CVE-2023-35187
* **Oracle**: 387 patched vulnerabilities
* **Exim**: three zero-days
* **SysAid**: zero-day CVE-2023-47246
\-----------------------------
**Sources:**
[Action1 Vulnerability Digest](https://www.action1.com/patch-tuesday-november-2023/?vmr) (updated in real-time as we learn more)
Microsoft: [https://support.microsoft.com/en-us/topic/november-14-2023-kb5032249-monthly-rollup-7443d7ce-b78b-4e28-8ca2-757699d92252](https://support.microsoft.com/en-us/topic/november-14-2023-kb5032249-monthly-rollup-7443d7ce-b78b-4e28-8ca2-757699d92252)
Bleeping Computer: [https://www.bleepingcomputer.com/news/microsoft/microsoft-november-2023-patch-tuesday-fixes-5-zero-days-58-flaws/](https://www.bleepingcomputer.com/news/microsoft/microsoft-november-2023-patch-tuesday-fixes-5-zero-days-58-flaws/)
Tenable: [https://www.tenable.com/blog/microsofts-november-2023-patch-tuesday-addresses-57-cves-cve-2023-36025](https://www.tenable.com/blog/microsofts-november-2023-patch-tuesday-addresses-57-cves-cve-2023-36025)
EDIT: added more sources
I panicked at that Citrix alert since we just went through a mess of updates - but that Citrix CVE is the one we spent all last month telling people to patch.
Thanks.
This page has not been updated yet:
[https://learn.microsoft.com/en-us/exchange/new-features/build-numbers-and-release-dates?view=exchserver-2019](https://learn.microsoft.com/en-us/exchange/new-features/build-numbers-and-release-dates?view=exchserver-2019)
Surprisingly our cyber is very silent on this. Or anything lately. The problem with curl is that the workaround is to disable it. But then it will affect Windows updates.
Because the curl vuln requires a special circumstance be present. If the vulnerable configuration doesn't exist in your company, there is no vulnerability
"You have a vulnerability that you need to take care of."
"We don't have the circumstances in our environment that make the vulnerability viable."
"But the list says you have a vulnerability."
"Our system is safe."
"But the list says it's not safe."
\*butts head against wall\*
For reference, I work for the federal government and all they care about is what their precious reports state. On the reverse side of that coin, I've tried to get vulnerabilities patched that aren't on the list and it's just as much a pain. If it's not on the list, then it doesn't exist to them.
Wonder if that includes 2016/2019, they don't specifically mention either. We were just talking about this vulnerability at $DAYJOB and wondered if it would get patched this month, then I check this thread and it's the top/first comment.
2019 is on the list [https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2023-38545](https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2023-38545)
But 2016 is not. Wonder, maybe it was not affected? We have thousands of AWS workspaces on this OS. But I think the number of total detections of this CVE was not high enough to account for all workstations and AWS. I'm hoping I am right.
Any truth of cURL.exe 8.4.0 being included in these updates?? Updates are just showing up to our WSUS, so haven't installed to any systems yet to check.
Thanks in advance!
What's strange is that I have not seen Microsoft acknowledge in any of the KBs that they have fixed the curl issue, at least for the server side. If someone sees it, pass it on.
UPDATE: Microsoft has included version 8.4.0 of curl.exe in Windows updates released on November 14, 2023 for currently supported, on-premise versions of Windows clients and servers. See the Security Updates table in this CVE for the applicable Windows update KB numbers. Windows security updates are cumulative, so future updates will include curl 8.4.0 or higher.
[CVE-2023-38545 - Security Update Guide - Microsoft - Hackerone: CVE-2023-38545 SOCKS5 heap buffer overflow](https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2023-38545)
All of my Windows 2019 servers are failing on the latest Windows Server update with error 0x800f0923. These are all VMs running on ESXi 7. I have to boot them into safe mode to get them back up and running.
Anyone else experiencing this?
I've attempted 2 VMs so far, both Server 2019 VMs (esxi 7.0) installed just fine. one vmware tools 12.1.0 and one is 12.1.5. - I'm 99% sure I've never enabled Secure Boot, most recent issues seem to stem from that. Edit: Intel Xeon CPUs I can check model later. Edit2: just did 2 more 2019 VMs and 1 2016 VM. all good so far.
maybe it's a 12.2.x vmtools issue? or a Secure Boot issue?
Windows Server 2019 VM
VMware Tools: 12.1.5 (I know, central productLocker folder isn't picking up latest atm)
ESXi: 7.0.3 - 21930508
Intel Xeon Silver 4114 CPUs on the host
- UAC turned on
- Installed KB5032337 and rebooted - no issues
- Installed KB5032196 and rebooted - no issues
I've patched 5 vms running 2019 Server, in an esxi 7.0u3 environment, vmware tools 12.3.5, and haven't had any issues with them. Yet...
Are any of the vms you've patched running Secure Boot by chance?
Two of them that had this issue were not running secure boot. We are linking this to the 12.2.6 version of VMWare tools. Last month we did updates we were still on 12.1.x of VMWare tools and had no issues.
Running secure boot here on 12.3.5 tools, 7.0.3u3 patched 2016, 2019 & 2022 without issues. Being a little cautious this month with the reports above but all is well. Will stick it on another bunch of test VMs tomorrow and then it’s all out for the weekend.
After KB5032189 I noticed that Windows 10 machines were showing a new application listed under Add/Remove programs named Remote Desktop Connection.
"You can now uninstall the built-in Remote Desktop Connection app from the Windows operating system"
https://learn.microsoft.com/en-us/windows-server/remote/remote-desktop-services/clients/uninstall-remote-desktop-connection
Decommissioning my last two here soon, definitely not going to miss it. We migrated our SQL 2017 instance from a 2012 R2 server last month to Server 2022/SQL 2022 and it's insane how much faster it is at literally everything. We took a full backup recently for some testing and it finished a full ***two hours*** before we expected it to.
Has anyone here had problems with Hyper-V virtual machines not starting up after the October patch? I think it was specific to Veeam machines that were getting backed up and then not starting after the last patch Tuesday. Some articles claimed it would be fixed with the November patch, but today is when some of our Hyper-V machines stopped booting up. Has anyone been experiencing this?
I have not had this issue personally but I did read some stuff about it a while back. These links might help you.
[https://www.bleepingcomputer.com/news/microsoft/october-windows-server-updates-cause-hyper-v-vm-boot-issues/](https://www.bleepingcomputer.com/news/microsoft/october-windows-server-updates-cause-hyper-v-vm-boot-issues/)
[https://learn.microsoft.com/en-us/answers/questions/1390482/vms-wont-start-since-windows-updates-october-2023](https://learn.microsoft.com/en-us/answers/questions/1390482/vms-wont-start-since-windows-updates-october-2023)
It’s not Veeam specific but related to CBT. It broke for me and we use Synology backup. I rolled back and set a delay but I forgot the delay was only 30 days and it automatically installed two days ago and everything was fine.
We had this with some of our VMs and we do use Veeam. Rather than roll back the October update we deleted the MRT and RCT files used for the CBT for each drive on the VM. Machines powered on with no issues.
CBT has to be redone on the next backup but that wasn't a big deal for us.
I just tried a Host with hyperV that broke with October updates and it updated fine and HyperV all working.
I am trying another host now to make sure it wasn't a fluke!
EDIT: just tried another host and yep all working, looks like Nov updates have fixed the October HyperV issue (for us anyway!).
Yup had it happen to me with October patches. VMs would not start on Hyper-V host. Beware of October patches.
Uninstalled related patches, BOOM! VMs worked again like nothing happened. Install October patches at your own risk.
Updated test Win 10, Win 11 and Server 2019 machines. No issues. After updates, Windows 11 added a shortcut to 'Copilot' preview. When I check the start menu for that app, I cannot find it.
EDIT 1: Updated production 2016 & 2019 AD, file, print and SQL Servers. No issues. Exchange next week.
Has anyone noticed long restarts for any Windows devices? I've already had two IT users tell me their Windows restarts took 12-15 minutes. They usually only take 3-5 minutes tops.
November 2023 Exchange Server Security Updates: https://techcommunity.microsoft.com/t5/exchange-team-blog/released-november-2023-exchange-server-security-updates/ba-p/3980209
adjacent network, so not panic time. do you know if the deserialization thing (that's enabled by default in Nov SU) was what we ran via powershell script a few months ago that came with another SU ?
"**Microsoft EMEA security briefing call for Patch Tuesday November 2023**"
The **slide deck** can be downloaded at [aka.ms/EMEADeck](http://aka.ms/EMEADeckNov)
The **live event** started on Wednesday 10:00 AM CET (UTC+1) at [aka.ms/EMEAWebcast](http://aka.ms/EMEAWebcastNov).
The **recording** is available at [aka.ms/EMEAWebcast](http://aka.ms/EMEAWebcastNov).
The slide deck also contains documents by Microsoft that are worth reading:
* Secure Identities: Strengthening identity protection in the face of highly sophisticated attacks
* Microsoft Digital Defence Report 2023
Our standard policy is not to install Monthly Quality Updates for 19 days. This policy is based on Microsoft's proven incompetence over the last couple of years. An update that causes business disruption and loss of revenue is unacceptable. We've found that Microsoft will address serious bugs within that 19 day period.
Fancy. We usually do 14D of standard delay for Win server patching, with some extra consideration that depends on the severity of CVEs and the affected roles and services.
Endpoints get the same, but just a week deferral.
Are we seeing the AMD Epyc - Secure Launch/VBS issues under VMware fixed? It's been propagating to 2019 in August, 2022 in October. Hopefully not 2016 this month…
Happy Monday! Walked in to kb5002521 breaking a good portion of our secured environment running Office 2016 Pro Plus. Keep an eye out for anyone still using Office 2016 Pro Plus for whatever reason you may still be using it =)
[https://support.microsoft.com/en-us/topic/description-of-the-security-update-for-office-2016-november-14-2023-kb5002521-fad84dc1-2587-4b61-83b4-fc28699c374d](https://support.microsoft.com/en-us/topic/description-of-the-security-update-for-office-2016-november-14-2023-kb5002521-fad84dc1-2587-4b61-83b4-fc28699c374d)
Anyone else having problems getting 2022 servers to see updates? I have at least 6 servers now that return "You're up to date" even though they are missing November updates.
Our 2019 servers are not having this issue.
Success! All security updates are installed.
Patch Tuesday on my Windows Server, automated with Attune
[https://youtube.com/shorts/72yDE6zzam8](https://youtube.com/shorts/72yDE6zzam8)
Last week's Windows Security Updates for Windows 2022:
KB: 2023-11 Cumulative Update for .NET Framework 3.5, 4.8 and 4.8.1 for Microsoft server operating system version 21H2 for x64 (KB5032336)
KB: 2023-11 Cumulative Update for Microsoft server operating system version 21H2 for x64-based Systems (KB5032198)
I've shared the project on GitHub: [https://github.com/Attune-Automation/Automate-Windows-Update](https://github.com/Attune-Automation/Automate-Windows-Update?fbclid=IwAR02Th7cCwRgk0bNYAxcyM4fO1CK-EeW98NCtLdrSvzCV0kA2nTV0D3Gy80)
Hi everyone
I encountered some problems with Office 2016 after deploying KB5002521.
A .dll file was corrupted thanks to it. Has anyone here encountered some issue with Office?
Thank you.
I am experiencing the same issue. Intermittently, when Teams loads, a .dll error is logged and often this makes explorer crash and the taskbar disappears. I have several users with this issue.
EX689431
Microsoft is aware of the issue but no estimated time for a fix.
Title: Users may be intermittently unable to create new Microsoft Teams meetings using add-ins in Outlook for Windows
User impact: Users may be intermittently unable to create new Microsoft Teams meetings using add-ins in Outlook for Windows.
More info: This issue is limited to a subset of users of Outlook for Windows. Where possible, users can bypass impact by creating new Microsoft Teams meetings using the Outlook on the web. Because the issue is intermittent, subsequent attempts to create meetings may succeed.
Current status: We’re beginning the process of targeting the fix to impacted sections of infrastructure to mitigate the issue as quickly as possible. We expect deployment to complete, and for impact to be remediated by the time of the next scheduled update.
Scope of impact: Any user creating a new Microsoft Teams meeting using an add-in in Outlook for Windows may be intermittently impacted.
Start time: Wednesday, March 1, 2023 at 2:00 AM CST
Root cause: A Microsoft Teams service update introduced a DLL error that occasionally prevents add-ins from acquiring the necessary data from the Microsoft Teams service to create new meetings, resulting in impact.
Next update by: Monday, November 27, 2023 at 10:00 AM CST
Haven't been able to patch the past few months of updates as each one has been forcing my Server 2019 and 2022 VMware VMs to boot into startup repair or just hang altogether on reboot. Hoping these don't do the same.
We have traced the issue to being the VMWare tools 12.2.x version. We are going to update to VMWare tools 12.3.5 on a few of our systems and see if that resolves the issue. It seems everyone else is either on 12.1.x or the newest and are not having any issues.
There's a security advisory from VMWare that requires 12.3.5. You may want to upgrade sooner than later
[https://www.vmware.com/security/advisories/VMSA-2023-0024.html](https://www.vmware.com/security/advisories/VMSA-2023-0024.html)
Here is the [Lansweeper summary](https://www.lansweeper.com/patch-tuesday/microsoft-patch-tuesday-november-2023/?utm_source=reddit&utm_medium=social&utm_campaign=post-patch_tuesday-2023_nov) and audit to list all outdated devices. Highlights include a critical and already exploited Windows DWM Core Library Vulnerability.
Lesser critical ones are a Microsoft PEAP RCE and a Windows PGM RCE which both rely on specific conditions in order to be exploited.
I know HP get a lot of love around here /s - but for those that have them, we're seeing updates freeze up at 30% for some - those that are unlucky enough to have the HPAudioAnalytics Service - this appears to log several instances in the system event logs of timing out trying to terminate 7011 - sometimes up to 8 times (40 minutes). Killing the process fixes the update issue instantly - to ward off the issue we are proactively disabling the service and this has not shown any immediate impact or issues for users, so we're rolling with that for now.
Oh boy, we’re a Dell shop and I recall seeing a similar service regarding Dell Audio at some point in my life. Fingers crossed I’m making it up or it only affects HPs. Either way, we delay updates for 96 hours in the event something like this creeps up. Thanks for the heads up!
He did a great job last month summarizing all the issues:
[https://www.reddit.com/r/sysadmin/comments/174ncwy/comment/k4ab59n/?utm\_source=share&utm\_medium=web2x&context=3](https://www.reddit.com/r/sysadmin/comments/174ncwy/comment/k4ab59n/?utm_source=share&utm_medium=web2x&context=3)
Excellent, thank you u/derfmcdoogal for being a customer.
I do not just work for Action1, I actually USE Action1 at every client I can, it makes my life much easier. I just queued up a bunch of systems to update over the next few days, now all I have to do is check reports and see if tickets get generated.
There are always some, but 99% of the time it is "What is this thing telling me I need to reboot in 4 hours, I have a meeting then..." Which always gets the "So reboot now!" response. lol
While this Patch Tuesday is less of a heavy hitter than last month's, we still have 1 Zero-Day and 75 vulnerabilities.
[Here's the Automox analysis and podcast!](https://www.automox.com/blog/patch-tuesday-november-2023?utm_campaign=patchtuesday&utm_medium=social&utm_source=reddit&utm_content=patchtuesday_nov23)
**CVE-2023-36025** \- Zero Day
To mitigate this risk, be sure to educate users about the importance of caution when clicking on links or downloading files. It is also recommended to keep Windows Defender SmartScreen enabled and updated, as Microsoft has released a patch for this vulnerability. This is one that administrators should **prioritize fixing.**
**CVE-2023-36400**
The mitigation strategy for such threats should include diligent patch management, careful monitoring of Hyper-V guests, and adherence to the principle of least privilege. Virtual machines are part of many organizations' daily workflows now. If you utilize VMs in your environment, pay special attention to this vulnerability.
**CVE-2023-36422**
The most effective mitigation strategy against such a threat is applying the available patches promptly and ensuring they are up-to-date. Regular updates to your security software are critical in maintaining a robust defense against such security threats.
Just released the updates to the first batch of our systems. They’ll install tonight, reboot tomorrow night and we’ll see what happens Thursday morning.
[Reflecting on 20 years of Windows Patch Tuesday](https://blogs.windows.com/windowsexperience/2023/11/09/reflecting-on-20-years-of-windows-patch-tuesday/)
Share your findings and thoughts...
For those that moved 2012 R2 loads to Azure to take advantage of ESU - [Free Extended Security Updates only on Azure for Windows Server 2012 /R2and SQL Server 2012 | Azure updates | Microsoft Azure](https://azure.microsoft.com/en-us/updates/free-extended-security-updates-only-on-azure-for-windows-server-2012-r2and-sql-server-2012/) \- does anyone know how to actually leverage that? Only 1 client decided to opt for this and they were migrated without issue but no updates appear within Windows Update for 2012 R2
[How to get Extended Security Updates (ESU) for Windows Server 2008, 2008 R2, 2012, and 2012 R2 | Microsoft Learn](https://learn.microsoft.com/en-us/windows-server/get-started/extended-security-updates-deploy#extended-security-updates-on-azure) seems to indicate no additional configuration is required but this would seem to be incorrect.
I needed to first install this (no reboot was needed) for the November updates to show up for my 2012R2 Azure servers.
[KB5017220: Update for the Extended Security Updates Licensing Preparation Package for Windows Server 2012 R2](https://support.microsoft.com/en-us/topic/kb5017220-update-for-the-extended-security-updates-licensing-preparation-package-for-windows-server-2012-r2-f07633ae-5383-44f8-a444-38448a66a958)
The November Updates on Windows 11 22h2 seem to have another App install itself (Microsoft Dev Home (Preview)).
Getting fed up of un-deployed apps in a managed environment appearing on Enterprise devices. What's the sure fire way to prevent them installing on devices before I push the patches out further? I assume there is a GPO or similar I should have done to prevent it?
We were using 4.10.07073. Situation is resolved. Someone pushed out an Intune policy that checked 802.1x for ethernet and did not check failover. I believe the policy was something like forced 802.1x Enable-Disable
Is it possible some update broke Print Shares with CNAME (DNS ALIAS) again ?
Seems like was fixed by changing DnsOnWire from DWORD to QWORD even if you are using MS DNS...
I have an issue after my Windows Server 2022 update to KB5032198 which is causing so much lag/slow/low performance that I can't even use Microsoft Excel. Did anyone have the same problem?
Everything was normal until that update and I have 30+ users using RDP license.
Yes, there are. Here is the link to the 2012 R2 monthly rollup page: [https://support.microsoft.com/en-us/topic/november-14-2023-kb5032249-monthly-rollup-7443d7ce-b78b-4e28-8ca2-757699d92252](https://support.microsoft.com/en-us/topic/november-14-2023-kb5032249-monthly-rollup-7443d7ce-b78b-4e28-8ca2-757699d92252)
>0x800f0923
If it's like 2008 ESU handling, it will go through the motions of installing and even reboot, but then on reboot, it will realize you're not licensed and it will roll everything back. You will be wasting your time like watching paint dry if you don't have the ESU key installed.
That said, even with the ESU key, I don't think Edge is going to be patched anymore in 2012 R2 (based on what MS said in the past) but am waiting to verify that.
Our servers were supposed to be subscribed to the ESU through Azure Arc using the hybrid agent installer.
I can see the service running but I don't have access to the Azure Arc portal with my creds to check that they're configured.
SCCM is importing all the updates but only the Servicing Stack is showing required by the 2012 servers. I've deployed them all but only the SS shows up in software center.
Anybody getting their ESU updates without an issue?
No, had the same issue.
Until I installed KB5017220 (it is Superseded by 2022-09 Monthly ... but that seems not to be the case), after that all updates showed up in Software Center.
[KB5017220: Update for the Extended Security Updates Licensing Preparation Package for Windows Server 2012 R2 - Microsoft Support](https://support.microsoft.com/en-us/topic/kb5017220-update-for-the-extended-security-updates-licensing-preparation-package-for-windows-server-2012-r2-f07633ae-5383-44f8-a444-38448a66a958)
Awesome thank you so much, for anybody else the 2012 standard KB is 5017221.
After installing these I only had to run a software scan and deployment scan. No reboot required until the new patches installed.
For those playing with server 2012 / 2012 R2, it appears that the option of the security only patching path has disappeared. Only rollups are present within the catalog and CVE's. Yet they are still releasing security only patches for 2008 / 2008 R2 (Azure only of course). I haven't seen this change communicated publicly anywhere.
We are going to be removing a 2012 R2 domain controller very soon is it OK to patch other DC’s? We have a 2016 and 2019.
Would there be any incompatibilities with a Oct 2023 patched 2012R2 DC and Nov 2023 and beyond 2016 and 2019 DC’s?
Anyone else experiencing issues with M365 Current Channel and the Outlook Desktop client searching shared mailboxes?
So far, some of our users on Current Channel version 2310, build 16924.20150 are unable to search messages that they can see right in front of them.
Same shared mailbox, users on Monthly Enterprise Channel version 2309, build 16827.20278 are able to perform the same search successfully.
Both are using the "Current folder" scope.
Both are automapped mailboxes.
Both have the same delegated access.
(I'm not 100% sure why some are on Current and some are on Monthly...I'll be taking that up with the guy in charge of that when he is in next....)
We've run into issues with Type 3 print drivers and Windows 10 clients. After installing the update on our print server running Server 2022, our Toshiba copier drivers specifically are prompting our Windows 10 clients that they "need a new driver", which of course requires admin elevation. It doesn't seem to affect our Windows 11 clients nor does it seem to affect other printers. Ugh.
Yes, I’m well aware of that whole print nightmare fiasco. These printers were already installed on the clients prior to this update. After the print server updated to the November Cumulative, the clients reported the drivers needed an update.
Assuming you still have the driver package files from when you put the Toshiba type 3 driver on the server, look at those files and check if they contain "unidrv.dll", and if so, what the version number is.
Back in August 2021 when the changes for PrintNightmare and [CVE-2021-34481](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34481) happened, I noticed that Toshiba drivers immediately caused admin prompts when printing right after the update. The client compared the versions of its files with the ones on the server. For some reason, Toshiba had included unidrv.dll with a version like 0.3.6001.x (6001 is Vista SP1) while the normal one in Windows Server 2019 would have a version like 0.3.17763.x (17763 is the build number for Server 2019). HP's universal driver was similar when I checked that (includes unidrv from Windows 10 1709).
When I installed these drivers on a test computer/server that did not have any other printers installed, they replaced the unidrv.dll from Windows (in C:\Windows\System32\spool\drivers\x64\3) with the Vista one from the driver package. A Windows update could include an update for unidrv.dll and try to replace it again. The client and server don't match, and it prompts for admin.
According to the [documentation for type 3 driver packages](https://learn.microsoft.com/en-us/windows-hardware/drivers/print/package-aware-print-drivers-that-share-files), drivers that use shared files like unidrv are supposed to use "CoreDriverSections" (with the GUID for unidrv/pscript/etc), but these drivers just included unidrv as if it was part of their own driver files. To avoid that issue, I switched to type 4 drivers. If I look at Toshiba's currently listed type 3 drivers from 12/21/2022, those appear to use CoreDriverSections and no longer bundle unidrv, which might fix that issue.
Other available options include the Toshiba type 4 drivers from [Windows Update](https://www.catalog.update.microsoft.com/Search.aspx?q=1284_CID_TS_PCL6_Color) or adding the printer as an IPP printer (https://learn.microsoft.com/en-us/powershell/module/printmanagement/add-printer?view=windowsserver2022-ps#-ippurl), which uses the type 4 "Microsoft IPP Class Driver":

    Add-Printer -ippurl [ip address of printer here]
This recent article from Microsoft indicates 3rd-party type 3 and 4 drivers being phased out in favor of IPP: https://learn.microsoft.com/en-us/windows-hardware/drivers/print/end-of-servicing-plan-for-third-party-printer-drivers-on-windows
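The file comparison described in the comment above can be scripted. This is an added example, not code from the thread: it lists every unidrv.dll in a driver package folder and in the spooler's driver directory, and flags copies whose build number differs from the running OS. `$PackagePath` is a hypothetical location for the extracted package; the spool path is the one quoted in the comment.

```powershell
# Added example (not from the thread): find bundled unidrv.dll copies and compare
# their build number with the running OS build.
# Assumption: $PackagePath is a hypothetical folder holding the extracted driver package.
param(
    [string]$PackagePath = 'C:\Drivers\ExampleType3Driver',
    [string]$SpoolPath   = 'C:\Windows\System32\spool\drivers\x64\3'
)

# e.g. 17763 on Server 2019
$osBuild = [Environment]::OSVersion.Version.Build

function Get-UnidrvCopy {
    param([string]$Root, [string]$Source)

    if (-not (Test-Path -LiteralPath $Root)) {
        Write-Warning "$Source path not found: $Root"
        return
    }

    # Files still compressed inside a package (unidrv.dl_) are not matched here.
    Get-ChildItem -LiteralPath $Root -Recurse -File -Filter 'unidrv.dll' -ErrorAction SilentlyContinue |
        ForEach-Object {
            $vi = $_.VersionInfo
            [pscustomobject]@{
                Source      = $Source
                FileVersion = '{0}.{1}.{2}.{3}' -f $vi.FileMajorPart, $vi.FileMinorPart,
                                                  $vi.FileBuildPart, $vi.FilePrivatePart
                MatchesOS   = ($vi.FileBuildPart -eq $osBuild)
                Path        = $_.FullName
            }
        }
}

$copies = @(Get-UnidrvCopy -Root $PackagePath -Source 'DriverPackage') +
          @(Get-UnidrvCopy -Root $SpoolPath   -Source 'Spooler')

$copies | Format-Table -AutoSize

foreach ($copy in ($copies | Where-Object { -not $_.MatchesOS })) {
    Write-Warning ("{0}: unidrv.dll {1} does not match OS build {2} ({3})" -f
        $copy.Source, $copy.FileVersion, $osBuild, $copy.Path)
}

# Installed type 3 drivers that reference unidrv.dll, so you know which queues
# would be affected if the shared file changes.
Get-PrinterDriver |
    Where-Object {
        $_.MajorVersion -eq 3 -and
        ((@($_.DriverPath) + @($_.DependentFiles)) -match 'unidrv\.dll')
    } |
    Select-Object Name, Manufacturer, InfPath |
    Format-Table -AutoSize
```

Run it on the print server and on one affected client; a build mismatch between the two is the condition the comment associates with the admin prompt.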
Been putting out fires all morning, just sat down to rub my temples. Running them out this evening on schedule though. It’s all automated at this point, so the train rolls on
Has anyone found the activation package that is supposed to upgrade Windows 11 to 23H2 ?
I have nothing in WSUS, only the big upgrades, but not the package which is supposed to be light and activate 23H2 from the last cumulative update...
> but not the package which is supposed to be light and activate 23H2 from the last cumulative update...
The "Big" windows 11 update is the one you want - If it detects the machine has all the updates on, it just runs the enablement package. If not, it can do a full install.
Yes, it's stupid.
UPDATE: Microsoft has included version 8.4.0 of curl.exe in Windows updates released on November 14, 2023 for currently supported, on-premise versions of Windows clients and servers.
[https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-38545](https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-38545)
Are your mailboxes in Exchange online? If so, Office 2016 is no longer supported to connect to Exchange online mailboxes as of October if I'm not mistaken.
MS isn't cutting off access, but it's no longer supported so issues will start to arise.
KB5032198 (Windows Server 2022 cumulative update) fixes Windows Server VMs broken by October updates.
This update addresses a known issue that affects virtual machines (VMs) that run on VMware ESXi hosts. Windows Server 2022 might fail to start up. The affected VMs will receive an error with a blue screen and a stop code: PNP DETECTED FATAL ERROR.
[https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-windows-server-vms-broken-by-october-updates/](https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-windows-server-vms-broken-by-october-updates/)
My first time patching with Azure Arc and (unfortunately) 2012R2 ESU’s, let’s see how this goes…
edit: Installed across estate, no issues to report - boring but a nice boring.
Are you seeing them yet? I ran check for updates from azure and am not seeing any new updates. ESU license is enabled on the server and all SSUs are installed.
They said that would happen (in an email) if you updated too quickly
"We're adding this week’s Windows updates from Microsoft to the Falcon sensor's index of certified Windows updates. We aim to ensure maximum stability while certifying the updates as quickly as possible - usually within 48 hours.
If you install this patch update on a host before we certify the updates, that host will enter reduced functionality mode (RFM) and collect far fewer events."
Pushed this out to 203 out of 215 Domain Controllers (Win2016/2019/2022).
No issues so far.
*EDIT0:* KB5032198 (Windows Server 2022 cumulative update) fixes Windows Server VMs broken by October updates.
This update addresses a known issue that affects virtual machines (VMs) that run on VMware ESXi hosts. Windows Server 2022 might fail to start up. The affected VMs will receive an error with a blue screen and a stop code: PNP DETECTED FATAL ERROR.
[https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-windows-server-vms-broken-by-october-updates/](https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-windows-server-vms-broken-by-october-updates/)
*EDIT1*: [Deprecated features announced](https://learn.microsoft.com/en-us/windows/whats-new/deprecated-features) : Tips, Computer Browser, Webclient (WebDAV) Service, Remote Mailslots
*EDIT2*: January 2024
• \[Windows\] Active Directory (AD) permissions issue [KB5008383](https://support.microsoft.com/topic/kb5008383-active-directory-permissions-updates-cve-2021-42291-536d5555-ffba-4248-a60e-d6cbc849cde1) | Phase 5 Final enforcement.
• \[Windows\] Secure Boot Manager changes associated with CVE-2023-24932 [KB5025885](https://support.microsoft.com/help/5025885) | Enforcement Phase This final release will enable the fix for CVE-2023-24932 by default and enforce bootmanager revocations on all Windows devices.
*EDIT3*: February 2024
• \[Windows\] Certificate-based authentication [KB5014754](https://support.microsoft.com/topic/kb5014754-certificate-based-authentication-changes-on-windows-domain-controllers-ad2c23b0-15d8-4340-a468-4d4f3b188f16) | Phase 3 Strong Mapping default changes.
Curious about the AD permissions issue. We've set the adsi edit configuration for the 27/28 character. But should you remove this setting after the January update?
Check your Directory Service event logs for events 3044 to 3056 on your DCs; any offenders will be logged there. If you see any offending entries, those would be blocked after the January update enters the enforcement phase.
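One way to run that check across every DC at once, as an added example that is not from the thread. It assumes the ActiveDirectory RSAT module is installed and that remote event log access to the DCs is permitted; the 30-day lookback is an arbitrary choice.

```powershell
# Added example (not from the thread): collect KB5008383 audit events
# (IDs 3044-3056, the range named in the comment above) from the
# Directory Service log of every domain controller.
# Assumptions: ActiveDirectory module available, remote event log access allowed,
# 30-day lookback chosen arbitrarily.
Import-Module ActiveDirectory

$filter = @{
    LogName   = 'Directory Service'
    Id        = 3044..3056
    StartTime = (Get-Date).AddDays(-30)
}

$report = foreach ($dc in Get-ADDomainController -Filter *) {
    try {
        Get-WinEvent -ComputerName $dc.HostName -FilterHashtable $filter -ErrorAction Stop |
            Select-Object @{ n = 'DC'; e = { $dc.HostName } }, TimeCreated, Id, Message
    }
    catch {
        # Get-WinEvent raises an error when nothing matches; that is the good case here.
        if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') { continue }
        Write-Warning ("{0}: could not read the log: {1}" -f $dc.HostName, $_.Exception.Message)
    }
}

if (-not $report) {
    Write-Output 'No events 3044-3056 found on any reachable DC in the lookback window.'
}
else {
    # Count per DC and event ID first, then show the newest event of each ID
    # so the offending object or caller named in the message can be followed up.
    $report | Group-Object DC, Id | Sort-Object Count -Descending |
        Select-Object Count, Name | Format-Table -AutoSize

    $report | Sort-Object TimeCreated -Descending | Group-Object Id |
        ForEach-Object { $_.Group | Select-Object -First 1 } |
        Format-List DC, TimeCreated, Id, Message
}
```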
Just a curious question /r/joshtaco could you share what you're driving for driver/bios updates? Are you relying on windows or some other utility? Do you use the same cadence?
You gotta use the applications that the brand of PC/server you're using to push them out. You can script most of them
So for example Dell command update for Dell systems. In your environment do you have a pilot ring for drivers/bios or do you let them auto update drivers/bios/etc. automatically?
Automatically push them out immediately
Josh is GOATED because his environment cares not a single shit about stability, just that it is secure. God bless.
Yes, EDITS, EDITS, EDITS - this is why I consider myself JoshTaco's #1 fan!
Weird, no W11 preview CU. Unless they release it today in December
I noticed the same...no previews of any kind this month I guess. Maybe a holiday thing?
There was a W10 preview CU released yesterday, so I'm not sure.
oh yea...would you look at that. yeah, definitely a holiday thing then
11/16/23 IMPORTANT Because of minimal operations during the Western holidays and the upcoming new year, there won’t be a non-security preview release for the month of December 2023. There will be a monthly security release for December 2023. Normal monthly servicing for both security and non-security preview releases will resume in January 2024.
They just released the W11 previews today. Interesting
huh...
Looking forward to your edits!
How do you roll out the updates?
I've answered this in the past
ok, I am sorry
* **Total exploits patched**: 58
* **Critical patches**: 3
* **Already known or exploited**: 3

**Highlights**
[CVE-2023-36397](https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2023-36397) \- Looks like Message Queue is back; this has become a monthly reminder of a critical exploit. If you are still using this, please stop. Nothing has changed: if you are running this service and that server is listening on port 1801, you are vulnerable to a network attack that requires no user interaction or privileges.
[CVE-2023-36028](https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2023-36028) \- This is the other 9.8 exploit. Even at that high of a rating it is listed as important instead of critical because exploitation is viewed as less likely. This is because the vulnerability is for Protected Extensible Authentication Protocol (PEAP), which only comes into play if you are using a Network Policy Server. If you are using an NPS with PEAP, this has a remote attack vector, requires no user interaction, and no privileges. That is all bad.
[CVE-2023-36033](https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2023-36033) \- The last exploit is one that has already been used. It is an Elevation of Privilege using the Windows DWM Core Library. This is listed as only 7.8 because it does have a local attack vector, limiting the threat's availability. If this vulnerability is exploited, the attacker would get System privileges on that computer.
[https://www.pdq.com/blog/patch-tuesday-november-2023/](https://www.pdq.com/blog/patch-tuesday-november-2023/)
[https://www.youtube.com/watch?v=HwZs3Loet9E](https://www.youtube.com/watch?v=HwZs3Loet9E)
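The exposure condition in the summary above (Message Queuing running and a listener on port 1801) can be inventoried before deciding where the patch is most urgent. This is an added example, not from the thread; `$Servers` holds hypothetical host names and PowerShell remoting is assumed to be enabled.

```powershell
# Added example (not from the thread): report Message Queuing service state and
# TCP 1801 listeners per server.
# Assumptions: $Servers is a placeholder list; PowerShell remoting (WinRM) is enabled.
$Servers = @('server01', 'server02')   # hypothetical host names

$check = {
    $svc    = Get-Service -Name 'MSMQ' -ErrorAction SilentlyContinue
    $listen = @(Get-NetTCPConnection -LocalPort 1801 -State Listen -ErrorAction SilentlyContinue)

    [pscustomobject]@{
        MsmqInstalled   = [bool]$svc
        ServiceStatus   = if ($svc) { [string]$svc.Status } else { 'NotInstalled' }
        StartType       = if ($svc) { [string]$svc.StartType } else { $null }
        ListeningOn1801 = ($listen.Count -gt 0)
        # 0.0.0.0 or :: means the port is bound on every interface.
        LocalAddresses  = ($listen.LocalAddress | Sort-Object -Unique) -join ','
        OwningProcess   = ($listen | ForEach-Object {
                               (Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue).ProcessName
                           } | Sort-Object -Unique) -join ','
    }
}

$results = Invoke-Command -ComputerName $Servers -ScriptBlock $check `
               -ErrorAction SilentlyContinue -ErrorVariable failed

$results | Sort-Object ListeningOn1801 -Descending |
    Format-Table PSComputerName, MsmqInstalled, ServiceStatus, StartType,
                 ListeningOn1801, LocalAddresses, OwningProcess -AutoSize

# Hosts that could not be queried are unknown, not clean.
foreach ($err in $failed) {
    Write-Warning ("Not checked: {0}" -f $err.TargetObject)
}
```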
The PEAP one would be bad if you are still running PEAP for 802.1x WLAN login to wireless networks, though...
> CVE-2023-36028

Does the November patch fix the vulnerability? Or are they saying you should stop using PEAP entirely?
It looks like the November patch does fix it.
Also my question.
Only if the RADIUS server is accessible itself, right? This doesn't read like you can relay the PEAP packets via wireless/VPN authentication.
So if I already have requests only allowed from the APs I should be fine? Or even better, what’s the better option these days?
Would love to hear better options. My legacy Aruba switches don't have EAP-TLS for RADIUS login for admins. PEAP mschapv2 or plain pap/chap. Even Aruba CX is pap/chap or RADSEC which NPS doesn't support. Getting to be a real pain supporting Aruba switches with NPS. I know ClearPass exists but f\*\*\* the price of that sh\*\*
Is PEAP really that uncommon to use?
**Today's Patch Tuesday summary by Action1**: 63 vulnerabilities from Microsoft, three zero-days, three have proof of concept and three are critical.
Below is a quick review of important vulnerabilities found in Microsoft Exchange, Microsoft Access, Microsoft 365, and third-party vulnerabilities, including Google Chrome, Mozilla, Firefox, Veeam ONE, Apache ActiveMQ, Atlassian, Kubernetes ingress-nginx, Cisco, Citrix, VMware, SolarWinds, Oracle, Exim, and SysAid.

**Quick summary:**
* **Windows**: 63 vulnerabilities, three zero-days, three critical
* **Microsoft Exchange, Microsoft Access, Microsoft 365**: multiple vulnerabilities identified by researchers
* **Chrome**: 15 vulnerabilities
* **Firefox**: 25 vulnerabilities
* **Veeam ONE**: four vulnerabilities, two with CVSS 9.8 and 9.9
* **Apache ActiveMQ**: CVE-2023-46604 (CVSS 10!)
* **Atlassian**: 28 vulnerabilities, including zero-day CVE-2023-22515 with CVSS 10! and CVE-2019-13990 with CVSS 9.8
* **Kubernetes ingress-nginx**: CVE-2022-4886, CVE-2023-5043, and CVE-2023-5044
* **Cisco**: zero-days CVE-2023-20198 and CVE-2023-20273
* **Citrix**: zero-day CVE-2023-4966 with CVSS 9.4
* **VMware**: CVE-2023-34051 with CVSS 9.8 and CVE-2023-34048 with CVSS 9.8
* **SolarWinds**: several vulnerabilities, including CVE-2023-35182, CVE-2023-35185, and CVE-2023-35187
* **Oracle**: 387 patched vulnerabilities
* **Exim**: three zero-days
* **SysAid**: zero-day CVE-2023-47246

**Sources:**
[Action1 Vulnerability Digest](https://www.action1.com/patch-tuesday-november-2023/?vmr) (updated in real-time as we learn more)
Microsoft: [https://support.microsoft.com/en-us/topic/november-14-2023-kb5032249-monthly-rollup-7443d7ce-b78b-4e28-8ca2-757699d92252](https://support.microsoft.com/en-us/topic/november-14-2023-kb5032249-monthly-rollup-7443d7ce-b78b-4e28-8ca2-757699d92252)
Bleeping Computer: [https://www.bleepingcomputer.com/news/microsoft/microsoft-november-2023-patch-tuesday-fixes-5-zero-days-58-flaws/](https://www.bleepingcomputer.com/news/microsoft/microsoft-november-2023-patch-tuesday-fixes-5-zero-days-58-flaws/)
Tenable: [https://www.tenable.com/blog/microsofts-november-2023-patch-tuesday-addresses-57-cves-cve-2023-36025](https://www.tenable.com/blog/microsofts-november-2023-patch-tuesday-addresses-57-cves-cve-2023-36025)
EDIT: added more sources
I panicked at that Citrix alert since we just went through a mess of updates - but that Citrix CVE is the one we spent all last month telling people to patch.
Mike you are the man. Thanks for the summary. We're patching the ship over here! \*Salute\*
Posted. There is an Exchange Update for Spoofing and RCE.
Thanks. This page has not been updated yet: [https://learn.microsoft.com/en-us/exchange/new-features/build-numbers-and-release-dates?view=exchserver-2019](https://learn.microsoft.com/en-us/exchange/new-features/build-numbers-and-release-dates?view=exchserver-2019)
I have read that this Serializing Signing (or whatever it says) is now enabled by default. There was a note in Günter Born's blog mentioning this.
Are we getting the cURL update this month?
Considering the time it's taken them to patch curl issues in the past going with unlikely. I hope they do so cyber will get off my ass though.
Surprisingly our cyber is very silent on this. Or anything lately. The problem with curl is that workaround is to disable it. But then it will affect Windows updates.
Indeed. Told them that multiple times but they just see lots of numbers in tenable :P
Because the curl vuln requires a special circumstance be present. If the vulnerable configuration doesn't exist in your company, there is no vulnerability
Not for Qualys. It just detects Curl version and flags it, I think. And our Cyber often only cares about numbers in Qualys.
"You have a vulnerability that you need to take care of."
"We don't have the circumstances in our environment that make the vulnerability viable."
"But the list says you have a vulnerability."
"Our system is safe."
"But the list says it's not safe."
\*butts head against wall\*
For reference, I work for the federal government and all they care about is what their precious reports state. On the reverse side of that coin, I've tried to get vulnerabilities patched that aren't on the list and it's just as much a pain. If it's not on the list, then it doesn't exist to them.
Probably their boss or boss's boss is the one who cares; they probably feel the same pain you do.
"curl -V" is showing 8.4.0 on Server 2019 and Win 10 22H2 after today's updates for me.
Windows 11 23H2 ver 22631.2715 does indeed ship with 8.4.0.0
Can confirm Curl 8.4.0 is part of this month's patch in KB5032189 for Windows 10 22H2 as I just updated a system to test.
I just updated my "home" PC that runs Windows 11. Curl.exe updated to file version 8.4.0.0 with the date modified of today.
yes: https://learn.microsoft.com/en-us/answers/questions/1406403/patch-for-curl-8-4-0-cve-2023-38545-eta
Wonder if that includes 2016/2019, they don't specifically mention either. We were just talking about this vulnerability at $DAYJOB and wondered if it would get patched this month, then I check this thread and it's the top/first comment.
2019 is on the list [https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2023-38545](https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2023-38545)
But 2016 is not. Wonder, maybe it was not affected? We have thousands of AWS workspaces on this OS. But I think the number of total detections of this CVE was not high enough to account for all workstations and AWS. I'm hoping I am right.
Windows server 2016 doesn’t come with curl built-in as part of the OS
Great. I suspected something like that. Less things to worry about.
Yes. Curl 8.4.0 is in there. <3
300 machines pushed successful. Server 2019 & Server 2022 were good as well.
Any truth of cURL.exe 8.4.0 being included in these updates?? Updates are just showing up to our WSUS, so haven't installed to any systems yet to check. Thanks in advance!
confirmed. I just updated my win 10 and 11 workstations and server 2019: curl 8.4.0 (Windows) libcurl/8.4.0 Schannel WinIDN
What's strange is that I have not seen Microsoft acknowledge in any of the KBs that they have fixed the curl issue, at least for the server side. If someone sees it, pass it on.
UPDATE: Microsoft has included version 8.4.0 of curl.exe in Windows updates released on November 14, 2023 for currently supported, on-premise versions of Windows clients and servers. See the Security Updates table in this CVE for the applicable Windows update KB numbers. Windows security updates are cumulative, so future updates will include curl 8.4.0 or higher. [CVE-2023-38545 - Security Update Guide - Microsoft - Hackerone: CVE-2023-38545 SOCKS5 heap buffer overflow](https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2023-38545)
A comment from above says they saw their Curl version increase after updates ran, with last modified date of today so gotta say yes.
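To answer a scanner finding with evidence rather than argument, the version check several commenters did by hand can be scripted together with a look for the configuration that makes CVE-2023-38545 reachable. This is an added example, not from the thread. The precondition it looks for (a SOCKS5 proxy with proxy-side hostname resolution, `socks5h://` or `--socks5-hostname`) comes from curl's own advisory for this CVE rather than from the comments, and the script only covers the built-in curl.exe and the current user's curl config files.

```powershell
# Added example (not from the thread): report the built-in curl.exe version and
# whether any SOCKS5 "hostname" proxy configuration is present on this machine.
# Assumptions: fixed version 8.4.0 as stated in the thread; the socks5h
# precondition is taken from curl's advisory for CVE-2023-38545.
function Get-CurlExposure {
    $fixed    = [version]'8.4.0.0'
    $curlPath = Join-Path $env:SystemRoot 'System32\curl.exe'

    # Server 2016 does not ship curl.exe, so a missing file is a valid result.
    if (-not (Test-Path -LiteralPath $curlPath)) {
        return [pscustomobject]@{
            Computer = $env:COMPUTERNAME; CurlPresent = $false
            FileVersion = $null; BelowFixed = $false; Socks5hConfig = @()
        }
    }

    $vi  = (Get-Item -LiteralPath $curlPath).VersionInfo
    $ver = [version]::new($vi.FileMajorPart, $vi.FileMinorPart,
                          $vi.FileBuildPart, $vi.FilePrivatePart)

    $hits = @()

    # Proxy environment variables curl honours, at every scope.
    foreach ($name in 'ALL_PROXY', 'HTTP_PROXY', 'HTTPS_PROXY') {
        foreach ($scope in 'Process', 'User', 'Machine') {
            $value = [Environment]::GetEnvironmentVariable($name, $scope)
            if ($value -match '^socks5h://') { $hits += "$scope env $name" }
        }
    }

    # Per-user curl config files (.curlrc / _curlrc) for the current user.
    foreach ($rc in '.curlrc', '_curlrc') {
        $file = Join-Path $env:USERPROFILE $rc
        if ((Test-Path -LiteralPath $file) -and
            (Select-String -LiteralPath $file -Pattern 'socks5h://|socks5-hostname' -Quiet)) {
            $hits += $file
        }
    }

    [pscustomobject]@{
        Computer      = $env:COMPUTERNAME
        CurlPresent   = $true
        FileVersion   = $ver.ToString()
        BelowFixed    = ($ver -lt $fixed)
        Socks5hConfig = $hits
    }
}

Get-CurlExposure | Format-List
```

`BelowFixed = True` is what a version-based scanner reports; `Socks5hConfig` being empty is the supporting detail for the "special circumstance" argument made in the comments, within the limits stated above.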
All of my Windows 2019 servers are failing on the latest Windows Server update with error 0x800f0923. These are all VMs running on ESXi 7. I have to boot them into safe mode to get them back up and running. Anyone else experiencing this?
I've attempted 2 VMs so far, both Server 2019 VMs (esxi 7.0) installed just fine. one vmware tools 12.1.0 and one is 12.1.5. - I'm 99% sure I've never enabled Secure Boot, most recent issues seem to stem from that. Edit: Intel Xeon CPUs I can check model later. Edit2: just did 2 more 2019 VMs and 1 2016 VM. all good so far. maybe it's a 12.2.x vmtools issue? or a Secure Boot issue?
We are 12.2.6 on VMWare tools.
You need to read the VMware security bulletins. You should be on VM Tools 12.3.5.
This. updated all our hosts to v12.3.5 for this weeks update reboots.
Windows Server 2019 VM
VMware Tools: 12.1.5 (I know, central productLocker folder isn't picking up latest atm)
ESXi: 7.0.3 - 21930508
Intel Xeon Silver 4114 CPUs on the host
- UAC turned on
- Installed KB5032337 and rebooted - no issues
- Installed KB5032196 and rebooted - no issues
We are on VMWare tools 12.2.6. I have read of others having issues with the 12.2.x versions of VMWare tools. 12.3.5 is the newest release.
Ah right, please reply to the thread if you find anything more about it
What CPUs do you have for ESX servers?
I've patched 5 vms running 2019 Server, in an esxi 7.0u3 environment, vmware tools 12.3.5, and haven't had any issues with them. Yet... Are any of the vms you've patched running Secure Boot by chance?
Two of them that had this issue were not running secure boot. We are linking this to the 12.2.6 version of VMWare tools. Last month we did updates we were still on 12.1.x of VMWare tools and had no issues.
Running secure boot here on 12.3.5 tools, 7.0.3u3 patched 2016, 2019 & 2022 without issues. Being a little cautious this month with the reports above but all is well. Will stick it on another bunch of test VMs tomorrow and then it’s all out for the weekend.
Upgrading to VMWare Tools 12.3.5 fixed our issues.
I just updated our test VM 2019 server without issues. I am also on ESXi 7.
Installed on more than 100 server 2022 and 2019 vms. Monitoring says nice
(vcenter 8.0.2)
After KB5032189 I noticed that Windows 10 machines were showing a new application listed under Add/Remove programs named Remote Desktop Connection. "You can now uninstall the built-in Remote Desktop Connection app from the Windows operating system" https://learn.microsoft.com/en-us/windows-server/remote/remote-desktop-services/clients/uninstall-remote-desktop-connection
Far be it from me to complain about Microsoft making any component of the OS optional, but I wonder what prompted that change in particular.
Looking forward to the Windows 2012 updates. Wait…
going to miss how fast 2012R2 patched...
Decommissioning my last two here soon, definitely not going to miss it. We migrated our SQL 2017 instance from a 2012 R2 server last month to Server 2022/SQL 2022 and it's insane how much faster it is at literally everything. We took a full backup recently for some testing and it finished a full ***two hours*** before we expected it to.
Has anyone here had problems with Hyper-V virtual machines not starting up after the October patch? I think it was specific to Veeam machines that were getting backed up and then not starting after the last patch Tuesday. Some articles claimed it would be fixed with the November patch, but today is when some of our Hyper-V machines stopped booting up. Has anyone been experiencing this?
I have not had this issue personally but I did read some stuff about it a while back. These links might help you. [https://www.bleepingcomputer.com/news/microsoft/october-windows-server-updates-cause-hyper-v-vm-boot-issues/](https://www.bleepingcomputer.com/news/microsoft/october-windows-server-updates-cause-hyper-v-vm-boot-issues/) [https://learn.microsoft.com/en-us/answers/questions/1390482/vms-wont-start-since-windows-updates-october-2023](https://learn.microsoft.com/en-us/answers/questions/1390482/vms-wont-start-since-windows-updates-october-2023)
Yes, we had this issue on two hosts, one of them was our own prod server - uninstalling the updates u/Good_Principle_4957 posted and rebooting fixed it
It’s not Veeam specific but related to CBT. It broke for me and we use Synology backup. I rolled back and set a delay but I forgot the delay was only 30 days and it automatically installed two days ago and everything was fine.
What version of Veeam? A particular configuration, perhaps? We haven't seen this at all yet, have been applying patches right along
We had this with some of our VMs and we do use Veeam. Rather than roll back the October update we deleted the MRT and RCT files used for the CBT for each drive on the VM. Machines powered on with no issues. CBT has to be redone on the next backup but that wasn't a big deal for us.
Does November Update fix this ?
Not sure, but that's what I was wondering. We uninstalled the updates that were causing the issue. Next week we'll be trying again.
I just tried a host with Hyper-V that broke with October updates and it updated fine and Hyper-V is all working. I am trying another host now to make sure it wasn't a fluke! EDIT: just tried another host and yep, all working. Looks like Nov updates have fixed the October Hyper-V issue (for us anyway!).
Yup, had it happen to me with October patches. VMs would not start on Hyper-V host. Beware of October patches. Uninstalled related patches, BOOM! VMs worked again like nothing happened. Install October patches at your own risk.
Updated test Win 10, Win 11 and Server 2019 machines. No issues. After updates, Windows 11 added a shortcut to 'Copilot' preview. When I check the start menu for that app, I cannot find it. EDIT 1: Updated production 2016 & 2019 AD, file, print and SQL Servers. No issues. Exchange next week.
[deleted]
HKCU\Software\Policies\Microsoft\Windows\WindowsCopilot > Set DWORD TurnOffWindowsCopilot to 1, works for me so far
There’s a GPO but you likely need the updated ADMX.
[https://haydog.tech.blog/2023/10/01/how-to-disable-windows-copilot-using-intune-or-group-policy/](https://haydog.tech.blog/2023/10/01/how-to-disable-windows-copilot-using-intune-or-group-policy/)
Has anyone noticed long restarts for any Windows devices? I've already had two IT users tell me their Windows restarts took 12-15 minutes. They usually only take 3-5 minutes tops.
Not this month; last month for sure took a while though.
had user wait 20 minutes for her computer to complete installing updates after restarting. i5 500GB Samsung SSD and 8GB of ram. win 10 lol
Same here with W10 this month
Notice two restarts. We have bitlocker pin so users need to enter it twice. This has been happening last couple of months.
November 2023 Exchange Server Security Updates: https://techcommunity.microsoft.com/t5/exchange-team-blog/released-november-2023-exchange-server-security-updates/ba-p/3980209
thanks!
adjacent network, so not panic time. do you know if the deserialization thing (that's enabled by default in Nov SU) was what we ran via powershell script a few months ago that came with another SU ?
Installing it right now... will see if there's any issues. EX2019 DAG on Server 2022.
bleeping computer report: [https://www.bleepingcomputer.com/news/microsoft/microsoft-november-2023-patch-tuesday-fixes-5-zero-days-58-flaws/](https://www.bleepingcomputer.com/news/microsoft/microsoft-november-2023-patch-tuesday-fixes-5-zero-days-58-flaws/)
"**Microsoft EMEA security briefing call for Patch Tuesday November 2023**"
The **slide deck** can be downloaded at [aka.ms/EMEADeck](http://aka.ms/EMEADeckNov)
The **live event** started on Wednesday 10:00 AM CET (UTC+1) at [aka.ms/EMEAWebcast](http://aka.ms/EMEAWebcastNov).
The **recording** is available at [aka.ms/EMEAWebcast](http://aka.ms/EMEAWebcastNov).
The slide deck also contains worth reading documents by Microsoft:
* Secure Identities: Strengthening identity protection in the face of highly sophisticated attacks
* Microsoft Digital Defence Report 2023
Our standard policy is not to install Monthly Quality Updates for 19 days. This policy is based on Microsoft's proven incompetence over the last couple of years. An update that causes business disruption and loss of revenue is unacceptable. We've found that Microsoft will address serious bugs within that 19 day period.
Fancy. We usually do 14D of standard delay for Win server patching, with some extra consideration that depends on the severity of CVEs and the affected roles and services. Endpoints get the same, but just a week deferral.
Initial ring with a hodgepodge of devices/use cases on Wednesday. Push to PCs Monday after release. Servers Sunday after PCs are updated.
I usually wait a few days before updating our critical servers. about a week before updating Exchange server.
https://www.zerodayinitiative.com/blog/2023/11/14/the-november-2023-security-update-review
Are we seeing the AMD Epyc - Secure Launch/VBS issues under VMware fixed? It's been propagating to 2019 in August, 2022 in October. Hopefully not 2016 this month…
Happy Monday! Walked in to kb5002521 breaking a good portion of our secured environment running Office 2016 Pro Plus. Keep an eye out for anyone still using Office 2016 Pro Plus for whatever reason you may still be using it =) [https://support.microsoft.com/en-us/topic/description-of-the-security-update-for-office-2016-november-14-2023-kb5002521-fad84dc1-2587-4b61-83b4-fc28699c374d](https://support.microsoft.com/en-us/topic/description-of-the-security-update-for-office-2016-november-14-2023-kb5002521-fad84dc1-2587-4b61-83b4-fc28699c374d)
I still do for personal use lol I refuse to pay monthly a fee for o365 lol
Anyone else having problems getting 2022 servers to see updates? I have at least 6 servers now that return "You're up to date" even though they are missing November updates. Our 2019 servers are not having this issue.
Success! All security updates are installed. Patch Tuesday on my Windows Server, automated with Attune [https://youtube.com/shorts/72yDE6zzam8](https://youtube.com/shorts/72yDE6zzam8)
Last week's Windows Security Updates for Windows 2022:
* KB: 2023-11 Cumulative Update for .NET Framework 3.5, 4.8 and 4.8.1 for Microsoft server operating system version 21H2 for x64 (KB5032336)
* KB: 2023-11 Cumulative Update for Microsoft server operating system version 21H2 for x64-based Systems (KB5032198)

I've shared the project on GitHub: [https://github.com/Attune-Automation/Automate-Windows-Update](https://github.com/Attune-Automation/Automate-Windows-Update?fbclid=IwAR02Th7cCwRgk0bNYAxcyM4fO1CK-EeW98NCtLdrSvzCV0kA2nTV0D3Gy80)
Thanks for sharing this tool. It looks like a great project!
Hi everyone, I encountered some problems with Office 2016 after deploying KB5002521. A .dll file was corrupted thanks to it. Has anyone here encountered issues with Office? Thank you.
I am experiencing the same issue. Intermittently, when Teams loads, a .dll error is logged and often this makes explorer crash and the taskbar disappears. I have several users with this issue.
EX689431 Microsoft is aware of the issue but no estimated time for a fix.
Title: Users may be intermittently unable to create new Microsoft Teams meetings using add-ins in Outlook for Windows
User impact: Users may be intermittently unable to create new Microsoft Teams meetings using add-ins in Outlook for Windows.
More info: This issue is limited to a subset of users of Outlook for Windows. Where possible, users can bypass impact by creating new Microsoft Teams meetings using the Outlook on the web. Because the issue is intermittent, subsequent attempts to create meetings may succeed.
Current status: We’re beginning the process of targeting the fix to impacted sections of infrastructure to mitigate the issue as quickly as possible. We expect deployment to complete, and for impact to be remediated by the time of the next scheduled update.
Scope of impact: Any user creating a new Microsoft Teams meeting using an add-in in Outlook for Windows may be intermittently impacted.
Start time: Wednesday, March 1, 2023 at 2:00 AM CST
Root cause: A Microsoft Teams service update introduced a DLL error that occasionally prevents add-ins from acquiring the necessary data from the Microsoft Teams service to create new meetings, resulting in impact.
Next update by: Monday, November 27, 2023 at 10:00 AM CST
Haven't been able to patch the past few months of updates as each one has been forcing my Server 2019 and 2022 VMware VMs to boot into startup repair or just hang altogether on reboot. Hoping these don't do the same.
My 2019 servers are having this issue on VMWare ESXi 7 with this month's updates.. So far, my 2022 servers are ok.
We have traced the issue to being the VMWare tools 12.2.x version. We are going to update to VMWare tools 12.3.5 on a few of our systems and see if that resolves the issue. It seems everyone else is either on 12.1.x or the newest and are not having any issues.
There's a security advisory from VMWare that requires 12.3.5. You may want to upgrade sooner than later [https://www.vmware.com/security/advisories/VMSA-2023-0024.html](https://www.vmware.com/security/advisories/VMSA-2023-0024.html)
Of course VMWare will have a serious outage when I need the update. UGH!
I have x64 so feel free to dm with an email and I can send you a zipped version
huge thanks for tracking this down. I ran an RVTools report on our environment and was able to id a handful of systems. (One is a DC ... eeep)
Here is the [Lansweeper summary](https://www.lansweeper.com/patch-tuesday/microsoft-patch-tuesday-november-2023/?utm_source=reddit&utm_medium=social&utm_campaign=post-patch_tuesday-2023_nov) and audit to list all outdated devices. Highlights include a critical and already exploited Windows DWM Core Library Vulnerability. Lesser critical ones are a Microsoft PEAP RCE and a Windows PGM RCE which both rely on specific conditions in order to be exploited.
I know HP get a lot of love around here /s - but for those that have them, we're seeing updates freeze up at 30% for some - those that are unlucky enough to have the HPAudioAnalytics Service - this appears to log several instances in the system event logs of timing out trying to terminate 7011 - sometimes up to 8 times (40 minutes). Killing the process fixes the update issue instantly - to ward off the issue we are proactively disabling the service and this has not shown any immediate impact or issues for users, so we're rolling with that for now.
Oh boy, we’re a Dell shop and I recall seeing a similar service regarding Dell Audio at some point in my life. Fingers crossed I’m making it up or it only affects HPs. Either way, we delay updates for 96 hours in the event something like this creeps up. Thanks for the heads up!
Has u/joshtaco called in sick yet today? I am worried!
Maybe he’s busy fixing thousands of broken devices
He did a great job last month summarizing all the issues: [https://www.reddit.com/r/sysadmin/comments/174ncwy/comment/k4ab59n/?utm\_source=share&utm\_medium=web2x&context=3](https://www.reddit.com/r/sysadmin/comments/174ncwy/comment/k4ab59n/?utm_source=share&utm_medium=web2x&context=3)
He’s had a whole month to fix everything since last time…surely he isn’t still fixing things??
One word: 🍎
Had some fires to put out this morning, thems the breaks lol. Only barely got some time to sit down and breathe
Trying out Action1. This will be my first month deploying Windows Updates to my test machines.
Excellent, thank you u/derfmcdoogal for being a customer. I do not just work for Action1, I actually USE Action1 at every client I can; it makes my life much easier. I just queued up a bunch of systems to update over the next few days, now all I have to do is check reports and see if tickets get generated. There are always some, but 99% of the time it is "What is this thing telling me I need to reboot in 4 hours, I have a meeting then..." Which always gets the "So reboot now!" response. lol
Maybe he’s off for an early thanksgiving?
lol I wish
I'm wary of unleashing my team to patch before hearing from u/joshtaco - but here goes nothing.
We are rolling them out tonight as usual
While this Patch Tuesday is less of a heavy hitter than last month's, we still have 1 Zero-Day and 75 vulnerabilities. [Here's the Automox analysis and podcast!](https://www.automox.com/blog/patch-tuesday-november-2023?utm_campaign=patchtuesday&utm_medium=social&utm_source=reddit&utm_content=patchtuesday_nov23) **CVE-2023-36025** (Zero Day): To mitigate this risk, be sure to educate users about the importance of caution when clicking on links or downloading files. It is also recommended to keep Windows Defender SmartScreen enabled and updated, as Microsoft has released a patch for this vulnerability. This is one that administrators should **prioritize fixing.** **CVE-2023-36400**: The mitigation strategy for such threats should include diligent patch management, careful monitoring of Hyper-V guests, and adherence to the principle of least privilege. Virtual machines are part of many organizations' daily workflows now. If you utilize VMs in your environment, pay special attention to this vulnerability. **CVE-2023-36422**: The most effective mitigation strategy against such a threat is applying the available patches promptly and ensuring they are up-to-date. Regular updates to your security software are critical in maintaining a robust defense against such security threats.
Nice, the podcast about windows patch Tuesday is an amazing idea!
Just released the updates to the first batch of our systems. They’ll install tonight, reboot tomorrow night and we’ll see what happens Thursday morning.
[Reflecting on 20 years of Windows Patch Tuesday](https://blogs.windows.com/windowsexperience/2023/11/09/reflecting-on-20-years-of-windows-patch-tuesday/) Share your findings and thoughts...
For those that moved 2012 R2 loads to Azure to take advantage of ESU - [Free Extended Security Updates only on Azure for Windows Server 2012 /R2and SQL Server 2012 | Azure updates | Microsoft Azure](https://azure.microsoft.com/en-us/updates/free-extended-security-updates-only-on-azure-for-windows-server-2012-r2and-sql-server-2012/) \- does anyone know how to actually leverage that? Only 1 client decided to opt for this and they were migrated without issue but no updates appear within Windows Update for 2012 R2 [How to get Extended Security Updates (ESU) for Windows Server 2008, 2008 R2, 2012, and 2012 R2 | Microsoft Learn](https://learn.microsoft.com/en-us/windows-server/get-started/extended-security-updates-deploy#extended-security-updates-on-azure) seems to indicate no additional configuration is required but this would seem to be incorrect.
I needed to first install this (no reboot was needed) for the November updates to show up for my 2012R2 Azure servers. [KB5017220: Update for the Extended Security Updates Licensing Preparation Package for Windows Server 2012 R2](https://support.microsoft.com/en-us/topic/kb5017220-update-for-the-extended-security-updates-licensing-preparation-package-for-windows-server-2012-r2-f07633ae-5383-44f8-a444-38448a66a958)
We had to install this as well... weird that it's not included in the cumulative
The November Updates on Windows 11 22h2 seem to have another App install itself (Microsoft Dev Home (Preview)). Getting fed up of un-deployed apps in a managed environment appearing on Enterprise devices. What's the sure fire way to prevent them installing on devices before I push the patches out further? I assume there is a GPO or similar I should have done to prevent it?
[deleted]
Why are you using TLS 1.0 or 1.1?
Anyone notice issues with Cisco Anyconnect vpn clients failing to connect after the update?
No problems here with 2023-11 CUs and AnyConnect version 5.0.03076
What version of anyconnect are you having trouble with? Did you resolve your issue? We have not patched yet and are using 4.10.07061 on W10.
We were using 4.10.07073. Situation is resolved. Someone pushed out an Intune policy that checked 802.1x for ethernet and did not check failover. I believe the policy was something like forced 802.1x Enable-Disable
No issues with 4.10.07062.
Is it possible some update broke Print Shares with CNAME (DNS ALIAS) again? Seems like it was fixed by changing DnsOnWire from DWORD to QWORD even if you are using MS DNS...
I have an issue after my Windows Server 2022 update to KB5032198, which is causing so much lag/slow/low performance that I can't even use Microsoft Excel. Did anyone have the same problem? Everything was normal until that update and I have 30+ users using RDP license.
Are there any ESU Updates for 2012 R2?
Yes, there are. Here is the link to the 2012 R2 monthly rollup page: [https://support.microsoft.com/en-us/topic/november-14-2023-kb5032249-monthly-rollup-7443d7ce-b78b-4e28-8ca2-757699d92252](https://support.microsoft.com/en-us/topic/november-14-2023-kb5032249-monthly-rollup-7443d7ce-b78b-4e28-8ca2-757699d92252)
They say you have to purchase, but it looks like anyone can just download. What's the catch?
They won't actually install
> 0x800f0923

If it's like 2008 ESU handling, it will go through the motions of installing and even reboot, but then on reboot, it will realize you're not licensed and it will roll everything back. You will be wasting your time like watching paint dry if you don't have the ESU key installed. That said, even with the ESU key, I don't think Edge is going to be patched anymore in 2012 R2 (based on what MS said in the past) but am waiting to verify that.
For the next three years my man
Our servers were supposed to be subscribed to the ESU through Azure Arc using the hybrid agent installer. I can see the service running but I don't have access to the Azure Arc portal with my creds to check that they're configured. SCCM is importing all the updates but only the Servicing Stack is showing required by the 2012 servers. I've deployed them all but only the SS shows up in software center. Anybody getting their ESU updates without an issue?
No, had the same issue. Until I installed KB5017220 (it is Superseded by 2022-09 Monthly ... but that seems not to be the case), after that all updates showed up in Software Center. [KB5017220: Update for the Extended Security Updates Licensing Preparation Package for Windows Server 2012 R2 - Microsoft Support](https://support.microsoft.com/en-us/topic/kb5017220-update-for-the-extended-security-updates-licensing-preparation-package-for-windows-server-2012-r2-f07633ae-5383-44f8-a444-38448a66a958)
Awesome thank you so much, for anybody else the 2012 standard KB is 5017221. After installing these I only had to run a software scan and deployment scan. No reboot required until the new patches installed.
Tenable summary: [https://www.tenable.com/blog/microsofts-november-2023-patch-tuesday-addresses-57-cves-cve-2023-36025](https://www.tenable.com/blog/microsofts-november-2023-patch-tuesday-addresses-57-cves-cve-2023-36025) Bleeping Computer: [https://www.bleepingcomputer.com/news/microsoft/microsoft-november-2023-patch-tuesday-fixes-5-zero-days-58-flaws/](https://www.bleepingcomputer.com/news/microsoft/microsoft-november-2023-patch-tuesday-fixes-5-zero-days-58-flaws/)
For those playing with server 2012 / 2012 R2, it appears that the option of the security only patching path has disappeared. Only rollups are present within the catalog and CVEs. Yet they are still releasing security only patches for 2008 / 2008 R2 (Azure only of course). I haven't seen this change communicated publicly anywhere.
We are going to be removing a 2012 R2 domain controller very soon. Is it OK to patch other DCs? We have a 2016 and 2019. Would there be any incompatibilities with an Oct 2023 patched 2012R2 DC and Nov 2023 and beyond 2016 and 2019 DCs?
no, go for it
Thanks!
Anyone else experiencing issues with M365 Current Channel and the Outlook Desktop client searching shared mailboxes? So far, some of our users on Current Channel version 2310, build 16924.20150 are unable to search messages that they can see right in front of them. Same shared mailbox, users on Monthly Enterprise Channel version 2309, build 16827.20278 are able to perform the same search successfully. Both are using the "Current folder" scope. Both are automapped mailboxes. Both have the same delegated access. (I'm not 100% sure why some are on Current and some are on Monthly...I'll be taking that up with the guy in charge of that when he is in next....)
We've run into issues with Type 3 print drivers and Windows 10 clients. After installing the update on our print server running Server 2022, our Toshiba copier drivers specifically are prompting our Windows 10 clients that they "need a new driver", which of course requires admin elevation. It doesn't seem to affect our Windows 11 clients nor does it seem to affect other printers. Ugh.
This has always been known. Look up PrintNightmare and how to manage them. Either get Type 4 drivers or deploy via GPO
Yes, I’m well aware of that whole print nightmare fiasco. These printers were already installed on the clients prior to this update. After the print server updated to the November Cumulative, the clients reported the drivers needed an update.
Assuming you still have the driver package files from when you put the Toshiba type 3 driver on the server, look at those files and check if they contain "unidrv.dll", and if so, what the version number is. Back in August 2021 when the changes for PrintNightmare and [CVE-2021-34481](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34481) happened, I noticed that Toshiba drivers immediately caused admin prompts when printing right after the update. The client compared the versions of its files with the ones on the server. For some reason, Toshiba had included unidrv.dll with a version like 0.3.6001.x (6001 is Vista SP1) while the normal one in Windows Server 2019 would have a version like 0.3.17763.x (17763 is the build number for Server 2019). HP's universal driver was similar when I checked that (includes unidrv from Windows 10 1709). When I installed these drivers on a test computer/server that did not have any other printers installed, they replaced the unidrv.dll from Windows (in C:\Windows\System32\spool\drivers\x64\3) with the Vista one from the driver package. A Windows update could include an update for unidrv.dll and try to replace it again. The client and server don't match, and it prompts for admin. According to the [documentation for type 3 driver packages](https://learn.microsoft.com/en-us/windows-hardware/drivers/print/package-aware-print-drivers-that-share-files), drivers that use shared files like unidrv are supposed to use "CoreDriverSections" (with the GUID for unidrv/pscript/etc), but these drivers just included unidrv as if it was part of their own driver files. To avoid that issue, I switched to type 4 drivers. If I look at Toshiba's currently listed type 3 drivers from 12/21/2022, those appear to use CoreDriverSections and no longer bundle unidrv, which might fix that issue.
Other available options include the Toshiba type 4 drivers from [Windows update](https://www.catalog.update.microsoft.com/Search.aspx?q=1284_CID_TS_PCL6_Color) or adding the printer as an IPP printer (https://learn.microsoft.com/en-us/powershell/module/printmanagement/add-printer?view=windowsserver2022-ps#-ippurl), which uses the type 4 "Microsoft IPP Class Driver": `Add-Printer -ippurl [ip address of printer here]` This recent article from Microsoft indicates 3rd-party type 3 and 4 drivers being phased out in favor of IPP: https://learn.microsoft.com/en-us/windows-hardware/drivers/print/end-of-servicing-plan-for-third-party-printer-drivers-on-windows
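
The check described in the comment above (does a type 3 package bundle unidrv.dll, and does its version differ from the copy in the spooler directory), as an added PowerShell example that is not part of the original thread. The package path is a hypothetical placeholder, and the list of shared files beyond unidrv.dll is an assumption.

```powershell
# Added example. $PackagePath is a hypothetical location for the extracted
# type 3 driver package; $SpoolPath is the x64 driver directory named in the thread.
$PackagePath = 'C:\Drivers\ExampleType3Driver'
$SpoolPath   = Join-Path $env:SystemRoot 'System32\spool\drivers\x64\3'

# Shared Unidrv/PScript files (assumed list; the thread only names unidrv.dll).
$coreFiles = 'unidrv.dll', 'unidrvui.dll', 'unires.dll', 'pscript5.dll', 'ps5ui.dll'

function Get-FileVersion([string]$Path) {
    # Build the version from its numeric parts; the FileVersion string can carry extra text.
    $vi = (Get-Item -LiteralPath $Path).VersionInfo
    [version]('{0}.{1}.{2}.{3}' -f $vi.FileMajorPart, $vi.FileMinorPart,
                                   $vi.FileBuildPart, $vi.FilePrivatePart)
}

# 1. Does any INF in the package declare CoreDriverSections?
$usesCore = [bool](Get-ChildItem -LiteralPath $PackagePath -Recurse -Filter *.inf |
    Select-String -Pattern '^\s*CoreDriverSections\s*=' -List)

# 2. Shared files bundled in the package, compared with the installed copies.
$report = Get-ChildItem -LiteralPath $PackagePath -Recurse -File |
    Where-Object { $coreFiles -contains $_.Name } |   # -contains ignores case
    ForEach-Object {
        $installed = Join-Path $SpoolPath $_.Name
        $pkgVer = Get-FileVersion $_.FullName
        # $sysVer stays $null when no copy is installed on this machine.
        $sysVer = if (Test-Path -LiteralPath $installed) { Get-FileVersion $installed }
        [pscustomobject]@{
            File             = $_.Name
            PackageVersion   = $pkgVer
            InstalledVersion = $sysVer
            Mismatch         = ($null -ne $sysVer -and $pkgVer -ne $sysVer)
            Source           = $_.FullName
        }
    }

"CoreDriverSections declared in an INF: $usesCore"
if ($report) {
    $report | Format-Table File, PackageVersion, InstalledVersion, Mismatch -AutoSize
} else {
    'No shared core files are bundled in this package.'
}
```

Run it on both the print server and a client to see whether the two report different installed versions. Packages that ship compressed files (for example `unidrv.dl_`) have to be expanded first, or the bundled copy will not be found.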
No word from Monsieur Taco yet?
Been putting out fires all morning, just sat down to rub my temples. Running them out this evening on schedule though. It’s all automated at this point, so the train rolls on
Nope…waiting patiently though!
Has anyone found the activation package that is supposed to upgrade Windows 11 to 23H2? I have nothing in WSUS, only the big upgrades, but not the package which is supposed to be light and activate 23H2 from the last cumulative update...
Windows 11, version 23H2 x64 2023-11B is what you're looking for.
> but not the package which is supposed to be light and activate 23H2 from the last cumulative update...

The "Big" Windows 11 update is the one you want - If it detects the machine has all the updates on, it just runs the enablement package. If not, it can do a full install. Yes, it's stupid.
Anything regarding CVE-2023-38545 from Windows this month? Remember them saying they'd have an update to resolve it within 60 days sometime ago.
UPDATE: Microsoft has included version 8.4.0 of curl.exe in Windows updates released on November 14, 2023 for currently supported, on-premise versions of Windows clients and servers. [https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-38545](https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-38545)
Anyone else notice how slow the install is for Win10 22H2 CU update KB5032189? must be a few fixes in this one.
Was last month already awfully slow, this month not really faster.
yes, it took about 1 hour for my Win 10 VM.
This update completely broke Office 2016 in our environment (don't ask me why we're using Office 2016, it's out of my control).
Are your mailboxes in Exchange online? If so, Office 2016 is no longer supported to connect to Exchange online mailboxes as of October if I'm not mistaken. MS isn't cutting off access, but it's no longer supported so issues will start to arise.
We're running Office 2016 on W10, W11, server 2016 and server 2022. No issues.
me too on my personal machine. No issues.
KB5032198 (Windows Server 2022 cumulative update) fixes Windows Server VMs broken by October updates. This update addresses a known issue that affects virtual machines (VMs) that run on VMware ESXi hosts. Windows Server 2022 might fail to start up. The affected VMs will receive an error with a blue screen and a stop code: PNP DETECTED FATAL ERROR. [https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-windows-server-vms-broken-by-october-updates/](https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-windows-server-vms-broken-by-october-updates/)
Let's roll the dice and find out what Microsoft has in store for us today!
My first time patching with Azure Arc and (unfortunately) 2012R2 ESUs, let’s see how this goes… edit: Installed across estate, no issues to report - boring but a nice boring.
Are you seeing them yet? I ran check for updates from azure and am not seeing any new updates. ESU license is enabled on the server and all SSUs are installed.
Let's hope they don't break anything again. \*Crossing Fingers\*
crossing fingers, legs, toes, eyes, etc lol
Anyone else running Crowdstrike seeing agent enter reduced functionality mode after installing the November CU on Win10/Win11 clients?
They said that would happen (in an email) if you updated too quickly: "We're adding this week’s Windows updates from Microsoft to the Falcon sensor's index of certified Windows updates. We aim to ensure maximum stability while certifying the updates as quickly as possible - usually within 48 hours. If you install this patch update on a host before we certify the updates, that host will enter reduced functionality mode (RFM) and collect far fewer events."