Windows 10 & 11 22H2 Rollout and Netlogon Protocol Changes
As we move into the second quarter of 2023, several important patching updates have been released that warrant attention. These updates include critical Windows 10 & 11 changes, Netlogon Protocol and more. Here are the key updates from April.
Windows 10 & 11 22H2:
Feature Update version 22H2 for Windows 10 and 11 is in its final rollout phase. Microsoft is offering this update to an expanded set of eligible devices running Windows 10, version 20H2, and later versions. We at OneNeck recommend updating your devices to ensure future security updates install on your systems. This upgrade is not automatic via standard patching, so manual installation is necessary.
Devices that utilize BitLocker require a manual update to the Windows Recovery Environment for Windows 10 & 11. We recommend manually applying this update wherever applicable. If you have questions about how OneNeck can assist you with these processes, please contact the Service Desk.
Netlogon Protocol Changes – CVE-2022-38023:
Windows has released significant updates to address the Netlogon protocol vulnerability (CVE-2022-38023). This security patch for Domain Controllers was first included in the November 8, 2022, and later Windows updates, with the initial enforcement phase starting on April 11, 2023. Beginning in June 2023, Enforcement mode will be enabled on all Windows domain controllers and will block vulnerable connections from non-compliant devices. By July 2023, the ability to set the Compatibility mode setting will be removed.
We recommend auditing for events related to this update. If you have contracted with OneNeck for Active Directory Management, we will notify you if we suspect you might be affected by these changes.
Please note that NetApp has provided guidance regarding the impact of the upcoming patch on ONTAP 9.
Active Directory Permission Updates – CVE-2021-42291:
The final deployment for the Active Directory Permission Updates (CVE-2021-42291) is now scheduled for January 2024, pushed back from the original date of April 2023. If you have questions about how OneNeck can assist you with enabling Audit Mode and monitoring for Events related to this vulnerability, please contact our experts.
Certificate-based Authentication Changes on Windows Domain Controllers:
The final deployment of updates related to certificate-based authentication changes on Windows Domain Controllers is now set for November 2023, moved back from the initial May 2023 date. The initial deployment of this patch for Domain Controllers began in May 2022. If you have questions regarding enabling Audit Mode and monitoring for Events related to this vulnerability, OneNeck is ready to assist.
OneNeck Has Your Back!
As always, we at OneNeck are here to support you through these changes. Reach out to us if you need assistance or have any queries. Stay safe and secure!
Additional Resources: