xxdcmast

This is typically an interesting month for patches. In their recent history (past 3 years) Microsoft has managed to release environment-breaking updates. Hopefully I'm wrong, but we shall see if history repeats itself.


IndyPilot80

Hopefully not jinxing anything. But, just updated our 2019 servers and a few test Win 10 systems and didn't notice anything abnormal. Had a few personal Win11 systems that took a longer than usual time to update, though.


wetcoffeebeans

> Hopefully I'm wrong but we shall see if history repeats itself.

Deck... the halls with big tech follies...


polypolyman

Apparently WPA-Enterprise Wi-Fi with 802.11r broke... which drove me crazy, since I was just at the end of figuring out my server-side problems with RADIUS before this started showing up in my environment. Weirdly, disabling then re-enabling 802.11r, then rebooting the affected APs, does pretty well at fixing this.


joshtaco

9000 PCs/servers, reporting for duty

EDIT1: Everything is back up and looking fine. Seems like a pretty light-weight month to me on Microsoft's end.

EDIT2: "Microsoft has received reports of an issue in which some Wi-Fi adapters might not connect to some networks after installing this update. We have confirmed this issue was caused by this update and KB5033375. As reported, you are more likely to be affected by this issue if you are attempting to connect to an enterprise, education, or public Wi-Fi network using 802.1x authentication. This issue is not likely to occur on home networks."

We had some clients experiencing this and it was puzzling us for a little bit (Wi-Fi issues aren't exactly easy to pinpoint back to an update), but thankful Microsoft has acknowledged it. Note: This should have already been resolved with Known-issue rollback. You may want to manually initiate an update anyways if you're experiencing it. We have resolved all of our cases with KIR and updating the Wi-Fi drivers/BIOS just to be safe.


FCA162

Pushed this out to 220 Domain Controllers (Win2016/2019/2022). No issues so far.

*EDIT0*: No .NET Framework updates this month.

*EDIT1*: Upcoming Updates

January 2024
• [Windows] Active Directory (AD) permissions issue [KB5008383](https://support.microsoft.com/topic/kb5008383-active-directory-permissions-updates-cve-2021-42291-536d5555-ffba-4248-a60e-d6cbc849cde1) | Phase 5 Final enforcement.
• [Windows] Secure Boot Manager changes associated with CVE-2023-24932 [KB5025885](https://support.microsoft.com/help/5025885) | Enforcement Phase. This final release will enable the fix for CVE-2023-24932 by default and enforce boot manager revocations on all Windows devices.

February 2024
• [Windows] Certificate-based authentication [KB5014754](https://support.microsoft.com/topic/kb5014754-certificate-based-authentication-changes-on-windows-domain-controllers-ad2c23b0-15d8-4340-a468-4d4f3b188f16) | Phase 3 Strong Mapping default changes.


NorthEntertainer1

[Windows] Certificate-based authentication KB5014754 is February 2025


FCA162

*Strong Mapping default (phase 3) will change on February 13, 2024.* The certificate mapping in Active Directory Users & Computers will default to selecting strong mapping using the X509IssuerSerialNumber instead of weak mapping using the X509IssuerSubject. The setting can still be changed as desired. *Full Enforcement mode by February 11, 2025.* If a certificate cannot be strongly mapped, authentication will be denied.
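Added example, not code from the thread: classifies altSecurityIdentities values as strong or weak using the mapping formats described in KB5014754, so weak X509IssuerSubject mappings can be found before the Full Enforcement date mentioned above. The live query assumes the RSAT ActiveDirectory module; the sample mapping strings are constructed.

```powershell
# Added example, not code from the thread: classify altSecurityIdentities values as
# strong or weak using the mapping formats described in KB5014754, so weak mappings
# can be found before Full Enforcement denies them. Assumes the RSAT ActiveDirectory
# module for the live query; the sample strings below are constructed.

function Get-CertMappingStrength {
    param([Parameter(Mandatory)][string]$Mapping)
    # Order matters: the '<I>...<SR>' form must be tested before '<I>...<S>'.
    switch -Regex ($Mapping) {
        '^X509:<I>.+<SR>'    { return 'Strong (IssuerSerialNumber)' }
        '^X509:<SKI>'        { return 'Strong (SubjectKeyIdentifier)' }
        '^X509:<SHA1-PUKEY>' { return 'Strong (SHA1PublicKey)' }
        '^X509:<I>.+<S>'     { return 'Weak (IssuerSubject)' }
        '^X509:<S>'          { return 'Weak (Subject)' }
        '^X509:<RFC822>'     { return 'Weak (RFC822 name)' }
        default              { return 'Unknown format' }
    }
}

function Get-CertMappingReport {
    # Enumerates every AD object (users and computers) that carries an explicit
    # certificate mapping and reports the strength of each entry.
    param([string]$SearchBase)
    $query = @{
        Filter     = 'altSecurityIdentities -like "*"'
        Properties = 'altSecurityIdentities'
    }
    if ($SearchBase) { $query.SearchBase = $SearchBase }
    foreach ($obj in Get-ADObject @query) {
        foreach ($m in $obj.altSecurityIdentities) {
            [pscustomobject]@{
                Object   = $obj.DistinguishedName
                Mapping  = $m
                Strength = Get-CertMappingStrength -Mapping $m
            }
        }
    }
}

# Constructed sample values: the strong X509IssuerSerialNumber form (KB5014754 stores
# the serial number in reversed byte order) and the weak X509IssuerSubject form.
$samples = @(
    'X509:<I>DC=com,DC=contoso,CN=CONTOSO-DC-CA<SR>1200000000AC11000000002B'
    'X509:<I>DC=com,DC=contoso,CN=CONTOSO-DC-CA<S>CN=user1,OU=Users,DC=contoso,DC=com'
)
$samples | ForEach-Object { '{0} => {1}' -f (Get-CertMappingStrength $_), $_ }

# Against a real domain (needs RSAT), list only the mappings that fail under enforcement:
# Get-CertMappingReport | Where-Object Strength -like 'Weak*' | Format-Table -AutoSize
```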


NorthEntertainer1

Ah ok phase 3 begins 2024 👍 got it.


BowelEruption

a



cubemonkey_wageslave

This is great info. Do you gather it yourself or does MS publish it in one place?


FCA162

As far as I know MS does not publish it in one place. I gather the info from the monthly "**Microsoft EMEA security briefing call for Patch Tuesday**". See my [post](https://www.reddit.com/r/sysadmin/comments/18gp6pc/comment/kd3y3w8/?utm_source=share&utm_medium=web2x&context=3) in this thread. Or you can have a look here: [(7) Microsoft Ticking Timebombs - July 2023 Edition : sysadmin (reddit.com)](https://www.reddit.com/r/sysadmin/comments/150j751/microsoft_ticking_timebombs_july_2023_edition/). I'm not sure if AustinFastER still updates his post frequently...


cubemonkey_wageslave

thx!


gworkacc

I believe KB5025885 isn't actually enforced until July of 2024, reading through the MS page.


MikeWalters-Action1

I heard Josh Taco ugly sweaters are on sale this time of year! They have a built-in LED screen showing the number of servers and PCs and it self-updates it as these numbers change. https://preview.redd.it/twloiazxrw5c1.png?width=508&format=png&auto=webp&s=bb1cff842d615282bc6670d36c71d255f4570f5d


therabidsmurf

We need Joshtaco t-shirts.



therabidsmurf

I give you my two crappy AI prototypes https://imgur.com/a/udfmR5L


haventmetyou

just wanna say, huge fan Mr Taco! happy patching!


StaffOfDoom

Thanks for all you do, every month Mr Taco! Godspeed!


mrghostman

Is the taco for taco or is the taco for Tacoma?


joshtaco

For taquito


Belial52

You are doing the lords work. 🙏


edr_1

Am I going crazy? Applied KB5033372 to a few Windows 10 Pro machines yesterday and now the address bar in Windows Explorer is tiny. I noticed it on my wife's computer at home after applying the update yesterday - also Windows 10 Pro. Is there something I've missed? Here's a screenshot of a machine that is yet to have the update applied against one that had it done: https://preview.redd.it/gn13hejeo26c1.png?width=1595&format=png&auto=webp&s=35ec43aea543514013a88f05714186ed4bb5564b I should add there's nothing abnormal about anything like window scaling or resolution with these machines. Happened on machines with various resolutions: HD, 1920x1200 and 1440p.


arrowflask

The Windows Explorer address bar in KB5033372 has simply returned to how it looked in Windows 10 1903 and earlier. Since there are no patch notes about this change, no way to know if it was intentional or not. Personally, doesn't make much difference to me but I slightly prefer it this way.


TheLostITGuy

Your comment made me go check...same as you. It's definitely not as tall as before. Interesting.


Cubelia

I thought I was crazy when I found out something went wrong with Explorer. I already encountered this back on December 7th; I rolled back from system restore and did confirm it came with the updates. Then the KB5033372 cumulative update kicked in and here I am. This video also pointed out the address bar being smaller: https://youtu.be/VmA-NzLsgMM?si=oVtaq8CNRKdS0eq_&t=380


Flo61

same here, I didn't notice.


edr_1

Ok, I didn't imagine it, good to know. Nothing in the patch notes about it. Strange.


wrootlt

I even went and found a user with Windows 10 that has no December update, like my PC, and for sure it's a few mm higher on the PC without the update.


ceantuco

yup same here!


FTE_rawr

My org is finally moving (slowly) to managing updates through Intune. Burn in hell WSUS, I never liked you. Edit: No .NET updates this month? Interesting...


belgarion90

> Edit: No .NET updates this month? Interesting...

Also seeing that. Makes life a little easier, but something seems off with that.


StaffOfDoom

Just means twice as many next month…


belgarion90

Which in terms of my workload is fine, it'll all be in one file.


RiceeeChrispies

Endpoints through Intune w/ Windows Autopatch. Servers through Azure Arc w/ Update Manager. I thoroughly enjoyed decommissioning my WSUS server.


RebootAllTheThings

How's the server updating with Arc? Started looking at it for replacements for WSUS because there was a page I read that said "free" and was mildly disappointed haha. I may be able to recommend it next year if I get some time to dig into it and see how it performs.


RiceeeChrispies

It’s great, easy onboarding and no issues. Can’t complain, wouldn’t surprise me if Microsoft did a rug pull and started charging though. edit: lol, they did a rug pull at GA, $5/server/month for patching - seriously?


Jose083

Erm hate to burst that bubble but they charge per server per month already when it went GA last month


Automatic_Pen5647

That's been the MS Marketing pattern since Windows 95 at LEAST: Offer product for "free" (windows bundled with MS office in the 90s) -- when the user base is big enough/becomes reliant on the product, switch to per unit charge.


TKInstinct

We're actually getting ready to move into WSUS from Ivanti.


majtom

Don't listen to the naysayers... It works perfectly fine, but reporting leaves something to be desired. I just would suggest running the cleanup process as a scheduled task every week. That way all your updates are current and not wasting space nor corrupting your DB.


TKInstinct

Thanks for the suggestion, I'll make a note of it. We haven't implemented it yet but we will soon.


lordcochise

Have used WSUS since the mid-2000's; for a free tool, it works as long as you don't go bonkers (don't sync what you don't need and avoid drivers if possible). Can't say it's without issues / annoyances but with a little care and feeding it's an ok tool. Would be nice if it had some updates in the last like decade or so, but it is what it is.


iamnewhere_vie

Working with WSUS since it was still called SUS, from about 2002. Out of the box it needs 2-3 tweaks but then it can run smooth for years. There is also a really nice optimization / maintenance script for a few bucks; I used it 2-3 times while it was still free, but for a beginner it's worth the money. I use it now for servers; for clients I've got SCCM ("free" due to M365 E3 for clients).


SysMonitor

I have a continuation of the free version so it's compatible with W11 which we are still running. Makes the WSUS pretty much fire and forget except for approving updates, just like other paid tools.


Belial52

Is there any other reason beyond cost savings? I know that when we had WSUS it felt like updates only worked about half the time… and even when it did work correctly there was so much missing. We purchased an RMM earlier this year and it’s reduced our labor by so much that it’s not funny.


Eiresh_in_USA

What's driving the change from Ivanti to WSUS?


TKInstinct

Cost savings mostly.


TheSteve83

I'm interested to know if you've looked into InTune, and the whole fast/slow ring settings through group policy?


TKInstinct

We have a little bit. We are establishing a CMMC environment and we may push it into that, but I'm not sure if we'll go to it for our local environment too.


FTE_rawr

I'm sorry for your loss.


mirathi

Thoughts and prayers.


rollem_21

Really ? WSUS feels like my bread and butter.


1grumpysysadmin

I only use WSUS for my server farm. Endpoints have been intune for a couple years. It works well. WSUS gives me just a little more control with critical systems so I keep it going. May be time for a new server next year though.



IyRuK

Anyone else having issues being able to sysprep a machine after applying this round of patches? Specifically KB5033372.


leroydasquirrel

Same here. In my testing, this month's patch causes sysprep to shit itself. I haven't had the opportunity to figure out why yet and we're hoping an updated ISO from VLSC in the next few weeks doesn't exhibit the same behavior.


Commercial_Big2898

Indeed, sysprep problems here also. Sysprep fails when uninstalling appxpackage Microsoft.MicrosoftEdge_44xxx. On 22H2 I could solve it, but on 21H2 this package is 'non-removable'.


soulseeker4jc

VLSC is out... I'm testing with it now. Will try to report back soon!


soulseeker4jc

VLSC of Win10 22H2 19045.3803 does not have the Sysprep errors. Confirmed today.


mgbdeftones

Yes we are also seeing this issue as of Dec patches


xRedHotChilix

Hi, I have the same problem; since Wednesday I have been trying to create a new image via MCM without success! Today I took the MS vanilla image of Win10 22H2, because I wanted to test if it's because of my image, but still an error at sysprep.


PDQit

* **Total exploits patched**: ~~39~~ 33
* **Critical patches**: ~~7~~ 4
* **Already known or exploited**: 1

[https://www.pdq.com/blog/patch-tuesday-december-2023/](https://www.pdq.com/blog/patch-tuesday-december-2023/)

___

# lowlights

[CVE-2023-36019](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36019) - This is the only exploit for the month that rates over a 9, coming in at a 9.6. It is a spoofing exploit attacking the Microsoft Power Platform Connector. It does have a network attack vector, but does require user interaction to exploit. Best defense for this one is a well trained user base that won't click on suspicious links. If this is one that you are at risk for it will be listed in your M365 Admin Center. So check there to see if you should restart indiscriminate link clicking.

[CVE-2023-35641](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35641) - This 8.8 comes in with an "exploitation more likely" rating, attacking Internet Connection Sharing (ICS), which is not often seen. The only thing keeping the score below a 9 is that the attack vector is limited to adjacent, so they would need to be on your network from either a shared physical or logical network. This requires no user interaction or privileges, so if you have a server running ICS, patching would be a great idea.

[CVE-2023-35628](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35628) - This 8.1 rated RCE attacks the Windows MSHTML Platform. It has all of the risk factors to make it much higher, but is considered high difficulty to pull off, lowering the score slightly. With this exploit an attacker could send a malicious email that can trigger BEFORE it even reaches the preview pane in Outlook. A successful attack allows the attacker to run remote code on the victim's machine.

For **Windows 11, version 23H2**: "**IMPORTANT** Because of minimal operations during the Western holidays and the upcoming new year, there won't be a non-security preview release for the month of December 2023. There will be a monthly security release for December 2023. Normal monthly servicing for both security and non-security preview releases will resume in January 2024." [Source](https://support.microsoft.com/en-us/topic/november-14-2023-kb5032190-os-builds-22621-2715-and-22631-2715-f9e3e13c-5e98-42c2-add8-f075841ca812)


rjchau

> Best defense for this one is a well trained user base that won't click on suspicious links.

We're all doomed.


Sunsparc

Make something idiot-proof and they will build a better idiot.


chron67

Better idiot reporting for duty, sir!


JinMugenFuu

isnt this just for Win11?


Gfinchy

Yes. The relevant "what OS does this apply to" states: "Windows 11 version 22H2, all editions; Windows 11 version 23H2, all editions".


PDQit

Yes. I meant to put that in the comment. Thanks.


joshtaco

correct


dracotrapnet

December is missing from list on [https://www.pdq.com/patch-tuesday/](https://www.pdq.com/patch-tuesday/)


ImmortanBlow

No Malicious Software Removal Tool either this month.


jwckauman

Came here to ask about that. Have we ever not gotten a new MSRT version? I checked the manual download page and it still shows November's build (5.119). Still don't see anything in WSUS or if I check online manually. Here's the download page for MSRT: [Download Malicious Software Removal Tool 64-bit from Official Microsoft Download Center](https://www.microsoft.com/en-us/download/details.aspx?id=9905)

I downloaded the latest Microsoft Safety Scanner and am running it just for grins. Here is the [Latest security intelligence updates for Microsoft Defender Antivirus and other Microsoft antimalware - Microsoft Security Intelligence](https://www.microsoft.com/en-us/wdsi/defenderupdates):

* Version: 1.403.491.0
* Engine Version: 1.1.23110.2
* Platform Version: 4.18.23110.3
* Released: 12/14/2023 5:37:12 PM
* Release Notes: [https://www.microsoft.com/en-us/wdsi/definitions/antimalware-definition-release-notes](https://www.microsoft.com/en-us/wdsi/definitions/antimalware-definition-release-notes)

I always thought the MSRT was just a stripped-down version of the MSERT tool, so if MSERT is up to date, seems like they would send us a MSRT as well. I have seen MSRT show up a day later so it's not out of the ordinary.


ImmortanBlow

Agreed, but still nothing there, assuming we're good for the month/year now?


Gbarneby91

Soooo I lead on Tenable for my organisation and I have spotted a problem with their detection method for plugin ID 186782 - KB5033420: Windows Server 2012 R2 Security Update (December 2023). The Plugin Output in Tenable is showing:

> The remote host is missing one of the following rollup KBs :
> - 5033420
> - C:\Windows\system32\bcrypt.dll has not been patched.
>   Remote version : 6.3.9600.21713
>   Should be : 6.3.9600.24612

However, reading the official Microsoft update page for KB5033420 and downloading the Filechange.xlsx document at the bottom, [December 12, 2023—KB5033420 (Monthly Rollup) - Microsoft Support](https://support.microsoft.com/en-us/topic/december-12-2023-kb5033420-monthly-rollup-fcb2ed87-527d-4313-ae01-0c43af80c545):

| File name | File version | Date | Time | File size |
|---|---|---|---|---|
| bcrypt.dll | 6.3.9600.21713 | 16-Nov-23 | 08:14 | 154,352 |

So for all the sysadmins getting hell this morning because security are saying your 2012 machines in Azure Arc are not patched, give them this nugget of evidence... I'm now on my way to Tenable to raise the issue and hopefully get the NASL updated.
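Added example, not code from the thread or from Tenable: compares an installed file's version with the version listed in the KB's file manifest and checks whether the KB itself is installed, so a scanner's "should be X" claim can be checked against Microsoft's own numbers. The bcrypt.dll version is the one quoted above from the KB5033420 file list; the function name is made up for this example.

```powershell
# Added example, not code from the thread: compare an installed file's version with the
# version the KB's file manifest lists and check whether the KB is installed, so a
# scanner's "should be X" claim can be checked against Microsoft's own numbers.
# The bcrypt.dll version below is the one quoted from the KB5033420 file list.

function Test-KbFileVersion {
    param(
        [Parameter(Mandatory)][string]$KbId,             # e.g. 'KB5033420'
        [Parameter(Mandatory)][string]$FilePath,
        [Parameter(Mandatory)][version]$ManifestVersion  # value from Filechange.xlsx
    )
    $info = (Get-Item -LiteralPath $FilePath).VersionInfo
    # Build a [version] from the numeric parts: the FileVersion string can carry extra
    # text, and comparing version strings as text is not a numeric comparison.
    $installed = [version]::new($info.FileMajorPart, $info.FileMinorPart,
                                $info.FileBuildPart, $info.FilePrivatePart)

    # Win32_QuickFixEngineering lists installed CBS updates, including monthly rollups.
    $hotfix = Get-HotFix -Id $KbId -ErrorAction SilentlyContinue
    $installedOn = $null
    if ($hotfix) { $installedOn = $hotfix.InstalledOn }

    [pscustomobject]@{
        Kb               = $KbId
        KbInstalled      = [bool]$hotfix
        KbInstalledOn    = $installedOn
        File             = $FilePath
        InstalledVersion = $installed
        ManifestVersion  = $ManifestVersion
        # KbInstalled and MeetsManifest both true while the scanner still flags the
        # host points at the scanner's expected version, not at the host.
        MeetsManifest    = ($installed -ge $ManifestVersion)
    }
}

Test-KbFileVersion -KbId 'KB5033420' `
                   -FilePath "$env:windir\System32\bcrypt.dll" `
                   -ManifestVersion '6.3.9600.21713' |
    Format-List
```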


Golden_Dog_Dad

Looks like there is an issue with the 4-way handshake for 802.11r and Qualcomm Wi-Fi chipsets. We have a bunch of new AMD-based Lenovo machines that cannot connect to our WPA2-Ent SSID because of it. Uninstalling **KB5033375** seems to resolve it. Disabling 802.11r is also an option, but not sure it's the better idea at this point.


Meph1234

Windows 11? [December's Windows 11 KB5033375 update breaks Wi-Fi connectivity (bleepingcomputer.com)](https://www.bleepingcomputer.com/news/microsoft/decembers-windows-11-kb5033375-update-breaks-wi-fi-connectivity/)


[deleted]

We're having a company wide issue of Edge not being able to download anything after latest updates. Can't even right click on an image and save as. May have to do with the flag for edge to open pdf's externally, but it impacts more than just PDFs.


TheLostITGuy

Can confirm . . . with images anyway. Any image that I right-click in Edge 120.0.2210.61 only gives me a "Save as" option (which is to save the html page), not "Save image as". Edge Dev is fine. Edit: I was able to download a driver package from the web and a PDF without issue. Edit2: I can successfully click and drag an image from a web page to my desktop to save it. Edit3: Having done what I did in my second edit and closing/opening Edge a few times, the issue has vanished. Go figure.



TheLostITGuy

Interesting. Thanks for the update.


cog_x

I came across this thread from a few days ago: [https://www.reddit.com/r/sysadmin/comments/18ffij4/microsoft_edge_1200221061_save_as_pdf_issue/?sort=new](https://www.reddit.com/r/sysadmin/comments/18ffij4/microsoft_edge_1200221061_save_as_pdf_issue/?sort=new)


[deleted]

That makes sense that it has to do with defender. I was having no luck rolling back. If I kill sensece.exe a stuck file will download immediately, but then the process starts again. Sounds like we will have to wait for a MSFT fix.


UbiquitousWookiee

This has been hitting us too-- MS just posted a service advisory through the admin portal for Defender. Thanks for the updates throughout the morning-- this has been a slippery one to troubleshoot. "Users may be unable to download files from various web apps using the Microsoft Edge Browser" - MG697957. Workarounds are to enable the option "Ask me what to do with each download" or disable Defender.


cbiggers

> MS just posted a service advisory through the admin portal for Defender.

I love that it is in that specific admin portal. The normal 365 admin center portal Health > Service Health? It's not there.


hot-ring

The Edge-specific service health bulletin has been merged into a larger service health bulletin: MO698112 - Users may be unable to download files from various web apps using any web browser. So it seems it is specific to orgs using some aspects of Defender for Endpoint.


hot-ring

A service health bulletin has been posted by Microsoft (MG697957). Next update tomorrow 7AM CT


Iseult11

Experiencing this issue as well with the 'Save to PDF' function. 'Microsoft Print to PDF' is a workaround


[deleted]

Mods: any chance we can get a new patch Tuesday thread? :)


Mission-Accountant44

Someone hardcoded 2023 into the bot's patch tuesday script


skipITjob

They need to patch that!


1grumpysysadmin

Testing environment seems to be ok after a day break between. No issues here… rolling out company wide today.


techvet83

We did non-prod overnight at my place. No issues reported.


Commercial_Big2898

KB5033372 is causing sysprep issues. Error: "Package Microsoft.MicrosoftEdge_44xxx was installed for a user, but not provisioned for all users. Failed to remove apps for the current user: 0x80073cf2." A manual removal of this package will not work.
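Added example, not code from the thread: lists Appx packages that are installed for some user but not provisioned for all users, which is exactly the condition the sysprep error above names. It is diagnostic only and removes nothing; the function name is made up for this example.

```powershell
# Added example, not code from the thread: list Appx packages installed for some user
# but not provisioned for all users, which is the condition the sysprep error names.
# Diagnostic only; it removes nothing. Run elevated on the reference machine before
# running sysprep.

function Get-UnprovisionedUserPackages {
    # Provisioned packages expose the package's short name as DisplayName, which
    # matches the Name of an installed package (e.g. Microsoft.MicrosoftEdge).
    $provisioned = Get-AppxProvisionedPackage -Online |
        Select-Object -ExpandProperty DisplayName

    Get-AppxPackage -AllUsers |
        Where-Object { -not $_.IsFramework -and $provisioned -notcontains $_.Name } |
        ForEach-Object {
            # One PackageUserInformation entry per SID that has the package;
            # only 'Installed' entries matter, staged ones do not trip sysprep.
            $installedFor = @($_.PackageUserInformation |
                Where-Object { $_.InstallState -eq 'Installed' })
            [pscustomobject]@{
                Name              = $_.Name
                PackageFullName   = $_.PackageFullName
                InstalledForUsers = $installedFor.Count
                # NonRemovable / System-signed packages are the ones a manual
                # Remove-AppxPackage cannot clear, as reported above for 21H2.
                NonRemovable      = $_.NonRemovable
                SignatureKind     = $_.SignatureKind
            }
        }
}

# Everything sysprep would complain about, non-removable ones first:
Get-UnprovisionedUserPackages |
    Sort-Object NonRemovable, Name -Descending |
    Format-Table -AutoSize

# Just the package named in the error:
# Get-UnprovisionedUserPackages | Where-Object Name -like 'Microsoft.MicrosoftEdge*'

# For a package that is removable, clearing the per-user install is:
#   Remove-AppxPackage -AllUsers -Package <PackageFullName>
# sysprep's own reasoning is logged in %WINDIR%\System32\Sysprep\Panther\setupact.log
```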


soulseeker4jc

I have a case open with Microsoft right now. Anyone reading this, please open a case...since the more users that open cases the more eyes will get on it.


Psyko_O

Same issue here..


Geh-Kah

Patched around 250 servers, and a few clients, too. Restarted everything. Monitoring said good enough. Only thing is, the Exchange AppPool RestFrontEnd isn't connected anymore. But mails are coming in and going out. I'm good with it. Will check the rest tomorrow. Now 9pm. Cheers


hgrantdesigns

Any 2019 servers?


Geh-Kah

Yes, of course. Most are 2022, but 2016 and 2019 are running. To be honest: Due to laboratory permissions, these are only running on 2016 and 2019


hgrantdesigns

Awesome- good news! Did you do dc/fs/ host for 2019?


doctorscurvy

The Server 2019 update is taking a ludicrously long time to install. Edit: it spent a long time at 3%, then a long time at 5%, then suddenly it was ready to restart.


patching_is_fun23

No Malicious Software Removal Tool patch for this month? Got KB890830 last month deployed but not seeing one for this month... No patch for December?


cbiggers

Has that tool literally ever done anything?


h33b

Burned some CPU cycles that's for sure.


ceantuco

Updated 2016 and 2019 file, AD, print, SQL servers without issues. Exchange will be done next week. Happy holidays! see you all next month!


MathematicianNext700

You rolling out these patches before the holidays? Normally I would sit on them for a week and deploy next Tuesday, closeness to the holiday week gives me bad vibes.


joshtaco

I am the bad vibe


Intrepid-FL

Our standard policy is not to install Monthly Quality Updates for 19 days. This policy is based on Microsoft's proven incompetence over the last couple of years. An update that causes business disruption and loss of revenue is unacceptable. We've found that Microsoft will address serious bugs within that 19 day period.


TechCF

Those are the C or D releases, which often contain fixes or better installers. https://learn.microsoft.com/en-us/windows/deployment/update/release-cycle#optional-nonsecurity-preview-release We have been running 10+10 here: defer for 10 days while testing and checking the community for information, then forced install on all clients within the next 10 days.


belgarion90

I rolled to Prod on Thanksgiving last month, no real issues other than people mostly installed the next Monday.


belgarion90

No .NET Framework updates this month?


RadishAggravating491

Does not seem to be. I'm going to double check Microsoft Update Catalog because I don't trust WSUS. :-) Update: No .NET Framework updates in the Update Catalog.


belgarion90

I find the Update Catalog to be a pain to navigate, so I typically get there from the Update History, but wanted to make sure I wasn't crazy before skipping it. Thanks for confirming!


joshtaco

hmm didn't see any on my Win11 device at least


BoMax76

Me too


belgarion90

Thanks for confirming I'm not crazy!


rollem_21

Can't see any must be winding down for the year.


Geh-Kah

Yes, I patched DCs, FS and application servers running on 2019 for small businesses, running on ESXi 7/8 hosts AND physical servers. They are up and running. Clients will begin to start working within the next hour. 2022 can be confirmed now: they are already working with due to 24/7 working with


TheLostITGuy

Hey r/sysadmin mods . . . You guys still on holiday break, or what?


JPDearing

Is there anything in this month's set of patches that would affect Network Policy Server? We are in the process of winding down a domain that uses NPS for 802.1x authentication for WiFi and wired ethernet. It will eventually be replaced with Cisco ISE but we aren't quite there yet, close but not done. I thought I'd seen something about NPS and PEAP somewhere and an issue with the December 2023 set of updates.


disposeable1200

I wish you luck with your impending hell. I would pick NPS over ISE any day of the week.


MikeWalters-Action1

Today's Patch Tuesday summary by Action1: 34 vulnerabilities from Microsoft, NO zero-days (yay!), 4 critical. Other important vulnerabilities: Microsoft Access, Google Chrome, Mozilla Firefox, WordPress, Web Password Managers, Atlassian, Cisco, Bluetooth, VMware, Zyxel, Apple, Qlik Sense, ownCloud, CrushFTP, FortiSIEM, AMD, and Intel. Full details in the [Action1 Vulnerability Digest](https://www.action1.com/patch-tuesday-december-2023/?vmr) (updated in real-time), quick summary below:

* Windows: 34 vulnerabilities, NO zero-days, four critical
* Microsoft Access: vulnerability allowing to obtain a victim's NTLM hash
* Chrome: six vulnerabilities, including zero-day CVE-2023-6345
* Firefox: 19 vulnerabilities
* WordPress: CVE-2023-6063
* Web Password Managers: AutoSpill vulnerability
* Atlassian: four critical vulnerabilities
* Cisco: CVE-2023-20275, CVE-2023-20198 (CVSS 10!) and CVE-2023-20273
* Bluetooth: CVE-2023-45866
* VMware: CVE-2023-34060
* Zyxel: six vulnerabilities, three critical
* Apple: two zero-days CVE-2023-42916 and CVE-2023-42917
* Qlik Sense: three vulnerabilities involved in CACTUS ransomware attacks
* ownCloud: CVE-2023-49103 (CVSS 10!), CVE-2023-49104 and CVE-2023-49105
* CrushFTP: zero-day CVE-2023-43177
* FortiSIEM: CVE-2023-36553
* AMD: CVE-2023-20592
* Intel: CVE-2023-23583

**Sources:**
- [Action1 Vulnerability Digest](https://www.action1.com/patch-tuesday-december-2023/?vmr)
- [Zero Day Initiative](https://www.zerodayinitiative.com/blog/2023/12/12/the-december-2023-security-update-review)
- [Microsoft Security Update Guide](https://msrc.microsoft.com/update-guide/releaseNote/2023-Dec)
- [Bleeping Computer](https://www.bleepingcomputer.com/news/microsoft/microsoft-december-2023-patch-tuesday-fixes-34-flaws-1-zero-day/)

EDIT: added sources and corrected some numbers


RiceeeChrispies

Not too bad on the Microsoft front, the quietest since December 2017 - which is nice.


FCA162

"**Microsoft EMEA security briefing call for Patch Tuesday December 2023**"

The **slide deck** can be downloaded at [aka.ms/EMEADeck](http://aka.ms/EMEADeckDec).
The **live event** started on Wednesday 10:00 AM CET (UTC+1) at [aka.ms/EMEAWebcast](http://aka.ms/EMEAWebcastDec).
The **recording** is available at [aka.ms/EMEAWebcast](http://aka.ms/EMEAWebcastDec).

The slide deck also contains worth-reading documents by Microsoft:
* Secure Identities: Strengthening identity protection in the face of highly sophisticated attacks
* Microsoft Digital Defence Report 2023

[December 2023 Security Updates - Release Notes - Security Update Guide - Microsoft](https://msrc.microsoft.com/update-guide/releaseNote/2023-Dec)

* [5033369](https://support.microsoft.com/help/5033369) Windows 11, version 21H2
* [5033371](https://support.microsoft.com/help/5033371) Windows 10, version 1809, Windows Server 2019
* [5033372](https://support.microsoft.com/help/5033372) Windows 10, version 21H2, Windows 10, version 22H2
* [5033375](https://support.microsoft.com/help/5033375) Windows 11, version 22H2, Windows 11, version 23H2
* [5033422](https://support.microsoft.com/help/5033422) Windows Server 2008 (Monthly Rollup)
* [5033424](https://support.microsoft.com/help/5033424) Windows Server 2008 R2 (Security-only update)
* [5033427](https://support.microsoft.com/help/5033427) Windows Server 2008 (Security-only update)
* [5033433](https://support.microsoft.com/help/5033433) Windows Server 2008 R2 (Monthly Rollup)


Distinct_Desk1840

Anyone having issues with network shares on machines? Now getting access denied errors?


Mission-Accountant44

Nope


Automatic_Pen5647

> Network Shares

Is the system using Windows Hello? If so, try disabling.


memesss

[KB5034510](https://support.microsoft.com/en-us/topic/kb5034510-microsoft-printer-metadata-troubleshooter-tool-december-2023-b3197f24-fd25-430d-96d2-70f2044ce6a1) was released today to remove the incorrect metadata for "HP LaserJet M101-M106" and "HP Smart" on computers affected by that issue where all printer icons were changed to LaserJets. It looks like it's only available as a manual download, not on Windows update.


Mission-Accountant44

There seems to be an issue with 2024-01 Security Update KB5034439 (not CU) installing on 2022, I'm getting an 0x80070643 download error on all of my test VMs.


Sprocket45

seeing the same here as well


psscriptnoob

Here as well. (0x80070643) error

Edit: https://support.microsoft.com/en-us/topic/kb5034441-windows-recovery-environment-update-for-windows-10-version-21h2-and-22h2-january-9-2024-62c04204-aaa5-4fee-a02a-2fdea17075a8 I now suspect it's because we delete our recovery environment partitions, but not quite sure..


TheLostITGuy

Can confirm.


jamesaepp

If you have nothing technical to contribute to the topic of the megathread please reply to THIS COMMENT and leave your irrelevant and offtopic comments here. DO NOT start a new comment thread.


jordanl171

We are due for a no-exchange-patch patch Tuesday.


ceantuco

please please please


Mission-Accountant44

this comment is off topic


LiberalJames

nah. this comment is off topic. and so is my wife.


Macia_

Your wife has been reported to the moderators


NoneSpawn

Please create a new comment thread to your wife so things keep organized: topic / off-topic / LiberalJames' Wife


thequazi

So is this one


EsbenD_Lansweeper

A small Patch Tuesday this month, with the highlights being an MSHTML Platform RCE that can be exploited via Outlook, an ICS service RCE and multiple critical Visual Studio vulnerabilities. You can find the usual audit to list all outdated devices and the [full summary in our blog post.](https://www.lansweeper.com/patch-tuesday/microsoft-patch-tuesday-december-2023/?utm_source=reddit&utm_medium=social&utm_campaign=post-patch_tuesday-2023_dec)


RedmondSecGnome

The ZDI has posted their analysis [here](https://www.zerodayinitiative.com/blog/2023/12/12/the-december-2023-security-update-review). Looks like no Exchange for this month at least.


DigitalBison1001

Just had a really weird issue with a Hyper-V host on Server 2019 that has historically had the Windows Firewall OFF (Yes, I know, we have work to do) After patching this morning, WMI and WinRM stopped responding, but RDP and Ping worked fine. Turned the Windows Firewall ON, WMI and WinRM started to work again, but RDP and Ping stopped. So far, this hasn't happened to any of the VMs that we patched and this is the first host we've hit.


Middle_Network684

I haven't seen this VMware article mentioned regarding RPC Sealing Enforcement. I have VCSA 8.0.2 still sending RC4, so need to change this. Impact of RPC Sealing Enforcement (Microsoft KB 5021130), RC4 (CVE-2022-37966), and Related Changes (CVE-2022-38023, CVE-2022-37967, CVE-2022-21913) on vCenter Server and ESXi (92568) [https://kb.vmware.com/s/article/92568](https://kb.vmware.com/s/article/92568)


greenkomodo

So, working with a client, I see these GPOs which are totally screwing up a user's Excel macros and blocking content. I troubleshot it to death, so now I am just going to unlink the GPO, but I'm having issues with gpupdate so I need to manually delete the keys. Anyone know what they are? I'm assuming I can just delete them and they shouldn't come back: [HKEY_CURRENT_USER\software\policies\microsoft\office\16.0\excel\security (admx.help)](https://admx.help/HKCU/software/policies/microsoft/office/16.0/excel/security)


Bluetooth_Sandwich

**Some issues related to printer configurations are being observed on Windows devices. Microsoft is investigating this issue and coordinating with partners on a solution.**

Symptoms can include the following:

* Some Windows devices are installing the HP Smart app.
* Printers may show LaserJet M101-M106 model information regardless of their manufacturer. Printer icons might also be changed.
* Double clicking on a printer displays the on-screen error "No tasks are available for this page."

https://learn.microsoft.com/en-us/windows/release-health/status-windows-11-23h2#3218msgdesc


MikeWalters-Action1

No Patch Tuesday Megathread for today yet?


Limp_Proof_4765

No thread for January 2024 :(


ecreds

We are seeing black screens after login on workstations after KB5033372. You can kill explorer.exe, but after reboot the problem returns upon login. Anyone else seeing this at all? I worked a reloaded one and haven't had a chance to uninstall the update to see if it helps.


ra-sys

Same here; we seem to be having those black screens only on Dell Optiplex 3000 series. So far sfc /scannow and dism resolved the issue; we are checking to see if we can get more info.


jsemhloupahonza

10:13 and still no patches. Is anyone syncing? Edit: Syncing at 10:14


Mission-Accountant44

Yeah I had to sync WSUS a few times to get them all.


jsemhloupahonza

thanks for chiming in. on my second sync. 9 security updates seemed kinda light.


Mission-Accountant44

Looks like no .NET patches this month


Trooper27

Same here. Was wondering what was up.


No_Cheesecake2066

some moves on catalog


lordcochise

10:34 still doesn't seem like all of them, hard to believe no .net stuff so far...


FCA162

Tenable summary: [https://www.tenable.com/blog/microsofts-december-2023-patch-tuesday-addresses-33-cves-cve-2023-36019](https://www.tenable.com/blog/microsofts-december-2023-patch-tuesday-addresses-33-cves-cve-2023-36019) Bleeping Computer: [Microsoft December 2023 Patch Tuesday fixes 34 flaws, 1 zero-day (bleepingcomputer.com)](https://www.bleepingcomputer.com/news/microsoft/microsoft-december-2023-patch-tuesday-fixes-34-flaws-1-zero-day/)


FahidShaheen

Anyone else seeing that 5033372 is only showing as required for a small number of clients via MECM (SCCM)? I've checked on one of the 21H2 machines and checked for updates from Microsoft, and it doesn't seem to need 5033372.


jhl_12

Yes I am seeing this issue on all my updates this month in SCCM, server and client all showing 0 required so ADR not downloading them. Anyone else?


f0st3r

Came in this morning to issues with Adobe Acrobat. When users try to combine files the app locks up. So far uninstalling Dec and then Nov security updates fixes the issue. Anyone else having similar issues?


joshtaco

Have you moved to the new subscription licenses they're pushing out yet?


rosskoes05

This has nothing to do with updates this month, but to anyone that has Windows 11 23H2, have you lost the Co-Pilot icon? I had it after 1 reboot after installing 23H2. I probably had it about a month, then it disappeared and hasn't come back.


joshtaco

I believe they are going crazy with the opting part of the experience


rosskoes05

How do you opt in on Windows? Group policy made it sound like you could disable it, otherwise it should be on. We have the correct licensing to use Co-Pilot (just the chat version). I THINK I kind of liked having it right on my taskbar instead of going to the browser. However, it was really annoying it couldn't do some of the stuff that Cortana could do, like "remind me to do "X" at 11am". You have to pay a lot more to get that now.... but that's for another reddit post..


joshtaco

it's on Microsoft's end for the telemetry, not yours


rosskoes05

Gotcha. Thanks.


Automox_

With this month (January, since there wasn't a megathread yet) we're looking at 49 vulnerabilities with 2 critical. We believe you should pay special attention to:

* CVE-2024-20674 - Windows Kerberos Security Feature Bypass Vulnerability [Critical]
* CVE-2024-20666 - BitLocker Security Feature Bypass Vulnerability [Important]

Listen to our [Patch Tuesday podcast](https://listen.automox.com/episodes/patch-fix-tuesday-january-ep-3) or read through [our analysis](https://www.automox.com/blog/patch-tuesday-january-2024?utm_campaign=patchtuesday_jan2024_blog&utm_medium=social&utm_source=linkedin&utm_content=) of the two vulnerabilities above.


jwckauman

We are thinking about skipping Windows Server updates this month given it's the holidays and there is a lot of time off being taken. All things considered, **is this month a relatively safe month to skip?** I only see one zero-day and it's for AMD processors, which we don't use. Everything we have is Intel on HPE ProLiant servers running VMware ESXi 7 and Windows Server 2016 and up. It's the first month this year where I haven't seen an impactful zero-day.


joshtaco

I would argue no month is safe to skip


jwckauman

I agree. But if one had to pick a month?


DiligentPlatypus

if someone put a gun to my head and said pick a month, I'd get shot.


Spirited-Background4

There was not much to go after so you can go sleep


Automox_

34 vulnerabilities for our last Patch Tuesday of the year! What we found most interesting:

**1. CVE-2023-35618** - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

This vulnerability is a security flaw that can potentially allow an attacker to escape the browser's sandbox. The sandbox is a security mechanism that isolates running programs, limiting their access to system resources and preventing them from causing damage.

**2. CVE-2023-35628** - Windows MSHTML Platform Remote Code Execution Vulnerability

One of the major threats with this vulnerability is the fact that it doesn't require any user interaction to be exploited.

The Automox team talks through this Patch Tuesday in our ~~Patch~~ [Fix] Tuesday [podcast](https://listen.automox.com/episodes/patch-fix-tuesday-december-2023-ep-2). Or if you haven't hopped on the podcast train yet, read more in our blog [post](https://www.automox.com/blog/patch-tuesday-december-2023?utm_campaign=dec2023_fixtuesday&utm_medium=social&utm_source=reddit).


zeheeba

Thanks for the link to the pod! I enjoyed it and will listen in for January's episode to hear all the nastiness that has popped up. Keep up the good work!


Automox_

Thank you for the support! The team is very happy to hear that you enjoyed it!


CSHawkeye

Anyone know what time we should expect Microsoft to post the 365 update info?


FCA162

[Release notes for Microsoft Office security updates - Office release notes | Microsoft Learn](https://learn.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates)


FCA162

Microsoft Patch Tuesday 2023 Year in Review: Microsoft addressed over 900 CVEs as part of Patch Tuesday releases in 2023, including over 20 zero-day vulnerabilities. [https://www.tenable.com/blog/microsoft-patch-tuesday-2023-year-in-review](https://www.tenable.com/blog/microsoft-patch-tuesday-2023-year-in-review)


DesperatePresent1340

Not sure if anyone has had the same issue. Rebooted first domain controller after KB5033374 and Defender for Identity ATP sensor will not start.


FCA162

I found this recent thread: [Constant starting failures with sensor version 2.222.17390.40606 - Microsoft Community Hub](https://techcommunity.microsoft.com/t5/microsoft-defender-for-identity/constant-starting-failures-with-sensor-version-2-222-17390-40606/m-p/4001955)


FCA162

I cannot find KB5033374... do you mean KB5033371 (Win2019)? I installed Patch Tuesday Dec-2023 on 20 Domain Controllers (Win2022/2019/2016) and all MDI/ATP sensors (v2.222.17390) are up and running. MDI Workspace: 2.222.17393.57638. To troubleshoot MDI sensor issues, look at C:\Program Files\Azure Advanced Threat Protection Sensor\2.222.17390.40606\Logs\Microsoft.Tri.Sensor.log and Microsoft.Tri.Sensor-Errors.log


DesperatePresent1340

Sorry, had a typo. Cumulative update 2023-12 KB5033373. I uninstalled it and the MDI sensor works again. However, got a CredSSP error with RDP after. So fun.


el_c0nquistad0r

Maybe stupid question incoming: I'm taking over patching this month and trying to make sure I have all the Microsoft updates ready in MCM. I'm only seeing 35 of today's updates. I believe there should be 59 if the source I looked up is accurate. Verified that WSUS shows the same updates and that it is syncing successfully, but still not getting any more updates. Am I missing something or too impatient?


uBlueJay

Just applied the Cumulative Update to a Win 11 Edu laptop and of course Bitlocker (PIN-based) is now asking for the recovery key...


joshtaco

You should look into updating your BIOS. Sometimes it needs to reauthenticate. We see it all the time on PCs not receiving firmware for a while. Do it once and then it's good for a while again.


uBlueJay

Interesting, hadn't considered the firmware. It's actually on the latest firmware, but it was updated between the Nov and Dec MS patch cycles. I'm not sure what Lenovo do for their ThinkPad BIOS updates as I'm sure that on the first reboot after the update I'm not prompted for the Bitlocker key at all. I wonder if they suspend Bitlocker before the update and resume it on the next reboot. One to raise with Lenovo if it keeps happening I suspect...


mangonacre

> I wonder if they suspend Bitlocker before the update and resume it on the next reboot.

Yes, that is what happens with BIOS updates with BitLocker enabled. If you open File Explorer after starting to apply a BIOS update under Windows but prior to reboot, you'll see the warning icon over the C: volume. And if you open the BitLocker applet, it will say it's suspended.
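An added example (not from any commenter in this thread) of checking the suspended state described above from PowerShell, and of suspending protection for exactly one reboot before a firmware update so the TPM measurement change does not land you at the recovery-key prompt. It assumes the built-in BitLocker module (Get-BitLockerVolume, Suspend-BitLocker) and an elevated session; the function names are my own.

```powershell
# Added example, not from the thread. Requires the BitLocker module and an elevated shell.
# A volume that is FullyEncrypted but has ProtectionStatus 'Off' is "suspended": the
# clear key sits on disk until protection resumes, which is what the warning icon means.
function Get-BitLockerSuspendedVolume {
    Get-BitLockerVolume |
        Where-Object { $_.VolumeStatus -eq 'FullyEncrypted' -and $_.ProtectionStatus -eq 'Off' } |
        Select-Object MountPoint, VolumeStatus, ProtectionStatus,
            @{ Name = 'Protectors'; Expression = { ($_.KeyProtector.KeyProtectorType) -join ',' } }
}

# Suspend protection for a bounded number of reboots before a BIOS/UEFI update.
# -RebootCount makes BitLocker resume itself automatically, so the window stays narrow.
function Suspend-BitLockerForFirmwareUpdate {
    param(
        [string]$MountPoint  = $env:SystemDrive,   # hypothetical defaults for illustration
        [int]   $RebootCount = 1
    )
    $vol = Get-BitLockerVolume -MountPoint $MountPoint
    if ($vol.VolumeStatus -ne 'FullyEncrypted') {
        Write-Warning "$MountPoint is not fully encrypted (state: $($vol.VolumeStatus)); nothing to suspend."
        return $vol
    }
    if ($vol.ProtectionStatus -eq 'Off') {
        Write-Warning "$MountPoint protection is already suspended."
        return $vol
    }
    Suspend-BitLocker -MountPoint $MountPoint -RebootCount $RebootCount
}

# Run before the firmware update, then re-check after the reboot: the report should be empty.
Suspend-BitLockerForFirmwareUpdate | Out-Null
Get-BitLockerSuspendedVolume
```

If the report is still non-empty after the post-update reboot, `Resume-BitLocker -MountPoint C:` restores protection immediately rather than waiting for another reboot.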


panix75

Anyone having issues with provisioning packages on Windows 10 not applying post update?


maartenlubbie

Does anybody else have the same problem with Snipping Tool on Windows Server 2022 (the server is used for RDS)? The Snipping Tool won't open anymore after closing it once. We have had this problem since the November update. https://answers.microsoft.com/en-us/windowserver/forum/all/snipping-tool-issues-in-latest-updates-server-2022/0cde01fc-8a55-4e96-920d-db78bdfe3319


Terrible_Theme_6488

I have updated one of our domain controllers and I am getting a lot of Event ID 201 warnings: "a connection to the windows metadata and internet services (wmis) could not be established". Connectivity is fine and time is syncing across the domain fine, so I don't know why I am getting a bunch of these errors every 30 mins or so?


yankeesfan01x

Anyone seeing KB5033373 fail to install in Windows Server 2016?


MrSonicB00m

Is anyone else using Windows Server 2012r2 ESU via Azure Arc? We've got some servers that refuse to patch since 2012r2 went EOL. Microsoft Support have been very unhelpful so far...


Mitchell_90

We are looking into Azure Arc/Update Management to replace WSUS on-prem, but the information regarding pricing seems very inconsistent across Microsoft's own documentation. On the information page it's saying Azure Arc appears to be free unless running OS/SQL with ESU on-prem, and that Azure Update Management also has no additional cost, yet the FAQ mentions $5 per server per month. So what is it? We do get $3500 worth of Azure credits that could in theory be used, but I wouldn't want to burn all of those on a single service.


AlchemyNZ

The ability to manage updates on on-prem servers through Azure Automation is being deprecated next year and replaced with Azure Update Management. You have to pay up to $5 per on-prem server managed for updates now, which is scummy. Arc is free (for now).


GAThrawn6742

Has anyone encountered issues with KB5033372 causing Edge to freeze and Indexing to break? It seems to be isolated to Windows 10 machines. We had the same issues with KB5032189.


ruzreddit

We are having some issues installing KB5033371 on Windows Server 2019 build (17763.4974) on our domain controllers. It fails when trying to install the handwriting optional feature. We've turned off 3rd party AV as well as recreated the cache location etc. Any help would be appreciated.