Tag Archive for: January

Patch Tuesday gets off to a busy start for January


For this week’s Patch Tuesday, the first of the year, Microsoft addressed 97 security issues, six of them rated critical. Though six vulnerabilities have been publicly reported, I do not classify them as zero-days. Microsoft has fixed a lot of security-related issues and is aware of several known issues that may have inadvertently caused significant server issues, including:

  • Hyper-V, which no longer starts with the message, “Virtual machine xxx could not be started because the hypervisor is not running.”
  • ReFS (Resilient) file systems that are no longer accessible (which is kind of ironic).
  • And Windows domain controller boot loops.

There are a variety of known issues this month, and I’m not sure whether we’ll see more issues reported with the January server patches. You can find more information on the risk of deploying these latest updates with our helpful infographic.

Key testing scenarios

There are no reported high-risk changes to the Windows platform this month. However, there is one reported functional change, and an additional feature added.

  • Test local and remote printing and test printing over RDP.
  • Test site-to-site VPN, including new and existing connections.
  • Test reading or processing ETL files.
  • Check starting and stopping Hyper-V on your servers.
  • Run Transactional NTFS (TxF) and CLFS test scenarios while including tests for ReFS file I/O transfers.

Known issues

Each month, Microsoft includes a list of known issues that relate to the operating system and platforms included in this update cycle. I’ve referenced a few key issues that relate to the company’s latest builds, including:

Huawei EMUI January 2022 Updates List


Huawei has started to roll out the stable EMUI 12 software update for the Mate 40 Pro smartphone in the global market. This software rollout is noted alongside Huawei P40 series devices that now also have access to the latest EMUI 12 version. Still, availability is a major concern for consumers, as the program will definitely expand gradually.

As reported by Huaweiblog, the stable EMUI 12 for Huawei Mate 40 Pro comes with EMUI version 12.0.0.218. Since it’s a major software update, you might have to download a gigabyte-sized software package via the OTA method. Therefore, it’s recommended to use a WiFi connection, so it won’t consume your mobile data.

All things aside, EMUI 12 brings a set of new features and the changelog of this software update will surely make Huawei Mate 40 Pro users happy. Talking about the features, you’ll get new EMUI fonts, better user interface, enhanced animation effects as compared to EMUI 11, improved system security and performance, and last but not least there’s a feature called notification center and control panel that you should definitely check, once you get access to the EMUI 12 software build.


How can you download this rollout?

Before you begin, make sure you have a sufficient amount of storage to download and store the update package. Also, maintain optimum battery level, so you won’t run out of power.

You just need to access your phone, open Settings, tap on System & updates, followed by Software updates. From there, click on “CHECK FOR UPDATES” and the phone will check for software updates. Once available, the system will pop up the software update information and let you know that the software is ready to download; then click on DOWNLOAD AND INSTALL.


After downloading the software update, the phone will begin the installation process, which may take a few minutes. Post-installation, the phone will optimize the application for the first use case and it’s also suggested to check for app updates via the AppGallery to get the best app compatibility possible with this new EMUI software.


January 2022 Patch Tuesday forecast: Old is new again


Welcome to 2022 and a new year of patch management excitement! I’m rapidly approaching 40 years working in this industry and I can honestly say there is rarely a dull day. If you are willing to take on the challenges presented, it is a great industry to work in and I hope you all are excited to start the new year too. Let’s look at some recent events which will be influencing this month’s patch releases.


I closed out last month’s forecast article calling 2021 the ‘year of supply chain attacks’ and that trend is continuing. Malware in the Atera Remote Management Software is taking advantage of Microsoft’s digital signature verification vulnerabilities from as far back as 2012 to load ZLoader and steal account credentials.

Even though these vulnerabilities were fixed, the changes are not enabled by default. Microsoft Security Advisory 2915720 from 2017 provides more details on the Authenticode and WinVerifyTrust functionality with recommendations for action. Despite the old vulnerabilities, this is a new attack and I’m sure we will be hearing more from Microsoft, with potential changes in next week’s patches.

The zero-day vulnerability in the Apache Log4j Java-based logging library took the software industry by storm in mid-December. This library is widely used in both enterprise and cloud service software. Even though Apache released the zero-day fix for CVE-2021-44228, it takes a while for companies who use this library to update, test, and release a new version.

To complicate the situation, a total of four additional CVEs associated with the Log4Shell bug have been identified in the last month, the latest being CVE-2021-44832. Keeping the industry churning, Apache released multiple updates with this library, now up to version 2.17.1. SaaS products can be quickly updated under DevOps but updating traditional software products in the field can take much longer, leaving them vulnerable to exploitation.

Microsoft has been busy leading up to the first Patch Tuesday of 2022. It released an out-of-band update for Windows servers that “experience a black screen, slow sign in, or general slowness.” These updates were initially a limited release, but are…


January 2022 HarmonyOS Mobile security patch details released


Recently, Huawei has released the latest January 2022 security patch details for the HarmonyOS system that protect the device against threats. Now, there is a huge number of Huawei devices running on HarmonyOS 2.0 software in the Chinese market.

In December 2021, Huawei completed the HarmonyOS rollout to eligible devices including the very old flagship Mate 9 and P10. Currently, HarmonyOS 2.0 software system is limited to the Chinese market.

Earlier, it was reported that Huawei will debut HarmonyOS for the global consumer in 2022. But we have received an official reply from Huawei on this matter; the company clearly mentioned that currently, there is no plan for smartphones outside China to upgrade to HarmonyOS.

Yes! This news is really disappointing, but global users do not need to worry because Huawei is currently delaying the HarmonyOS plan due to some reasons. Until then, you can enjoy EMUI 12 that comes with HarmonyOS vibes.

On the other hand, on December 23, 2021, at the Huawei flagship launch conference, Huawei CBG CEO Richard Yu announced that HarmonyOS had reached 300 million devices, of which 200 million are from Huawei and 100 million from third parties.

To be mentioned, there are a lot of activities going on inside Huawei, including preparation for the next version, HarmonyOS 3.0. But it doesn’t affect the monthly software and security update rollout for its devices.


HarmonyOS 2.0 January 2022 security patch:

The January 2022 security patch brings fixes for 1 high and 3 medium level CVEs in the framework, 5 high and 5 medium level CVEs in the system, and 3 high and 2 medium level CVEs in the application. However, it doesn’t resolve any CVE in the kernel this time.

Likewise, it fixes a massive count of 111 CVEs found in the third-party libraries. If the security patch of your Huawei phone or tablet is 2022-01-01 or later, all issues described in this update and the HarmonyOS Security Bulletin – January 2022 have been resolved.

Note – CVE, short for Common Vulnerabilities and Exposures, is a list of publicly disclosed computer security flaws. When someone refers to a CVE, they mean a security flaw that’s been assigned a CVE ID…
