Patch Tuesday November 2022

Patch Tuesday November 2022: a shower of security updates for your small business.

Patch Tuesday November 2022

I frequently get questions about patching and why do this every month. I wrote a Patch Primer for Small Business to help with these questions. This blog focuses on the patches you need this month for your business.

Apple Bytes

I wish Apple decided on a regular schedule for product updates (like other vendors using the 2nd Tuesday of the month, Patch Tuesday).  Apple released different patches on two different days already this month.

November 9th Apple released iOS 16.1.1 and iPadOS 16.1.1. Apple also released macOS Ventura 13.0.1 the same day.

November 1st Apple released an update to Xcode that affects macOS Monterey and higher. What is Xcode? Developers use Xcode to create software for Apple products. This patch fixed a security hole in that code. Details on latest Apple security patches here.

Important news for businesses running Apple: Apple confirmed in late October that only the latest operating systems are getting fully protected by patches. Your cyber insurance will not cover losses if you are not running the most recent Apple operating systems.

OpenVPN and OpenSSL3

During the start of COVID a lot of businesses switched to remote work using VPN to access office servers and file shares. VPN software requires security updates. This month developers released a critical security patch to OpenSSL3 commonly used in VPN software such as OpenVPN.

If you’re using OpenVPN you should update to the latest version, 2.5.7. You can download that here. If you’re using another VPN software check with the vendor for security updates.

Microsoft Mayhem

Microsoft giveth, taketh away and retrofiteth its bounty this month.

November 8th Microsoft released patches to fix bugs, six of which are already being used by hackers in the wild. Unfortunately one of the patches for Windows Server broke authentication. Microsoft has since released a retrofit patch to fix that problem. In theory the patch for the patch will install itself automatically with no need for reboot.

Belatedly Microsoft has finally fixed a problem with drivers for Windows 10. Windows 10 was supposed to validate a hardware driver as safe before installing. The driver check mechanism in Windows 10 has not been working for over three years leaving users vulnerable to malicious drivers. Microsoft is slowly releasing this update to computers. If you get a feature update for Windows 10 option in the Updates section, install it.

Zoom Desktop Software

Zoom has enabled automatic updates to their desktop software and will now require a minimum version. If you use the software for Zoom meetings this means you may be forced to install the update before you can attend a meeting. I always recommend you prep your computer the night before a zoom meeting to run updates. You can add updating the zoom client software to this routine.

Adobe Angst

Adobe skipped the November patching party. Saving it for Christmas? This is the first month in many years Adobe has not released any security updates for its many products.

Be sure to schedule some time this month to patch all your devices. An ounce of patching is cheaper than a pound of hacking.