Microsoft April 2023 Patches Appears to Break GlobalProtect 6.0.3-38 x64 on Win10 22H2 x64

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Microsoft April 2023 Patches Appears to Break GlobalProtect 6.0.3-38 x64 on Win10 22H2 x64

L2 Linker

I applied the April patches and rebooted and GlobalProtect is broken.  PanGPS service was not running.  I rolled back to my snapshot before updates and all is well.  I will be doing more testing to see what I can learn, but thought I would post here to ask if others had tested the patches in a VM with the same version of GP?   My Win10 21H2 OS does not have any issues.

3 REPLIES 3

L2 Linker

There are no issues with the April patches on 22H2.  Instead it appears the VMs for those versions were struggling to startup after patching and once I removed some older snapshots on the host side the performance issues went away in the VM so PanGPS started correctly.

 

I do think the design and execution of GlobalProtect could and should be improved.  Employees do NOT have any rights to tinker with PanGPS.  So if this service is not running after startup, there should be some logic built into the app to start the  service...don't just squawk about it not running...FIX it if you can by trying to start again after some period of time.  Since PanGPS v6.0.3 does not have any other dependencies there is just no reason to not have it take care of itself.  So it looks like PanGPS was written by someone who thinks UDP is the "bees knees" when we all know it is a horrible protocol if you need your data to get there... TCP handles that reliably well, but with a performance penalty so "individuals" seem to lust after UDP instead.  PanGPS suffers the same way... whatever part of GlobalProtect says to "start PanGPS" has no fault tolerance for the service not being able to start if there is a lack of resources which is a defect in my book.  GlobalProtect should be able to try starting the PanGPS service if it fails to start at boot.

Cyber Elite
Cyber Elite

Would be good idea to upgrade GP version.

https://security.paloaltonetworks.com/CVE-2023-0006

Enterprise Architect, Security @ Cloud Carib Ltd
Palo Alto Networks certified from 2011

Thanks for sharing the CVE.  I typically get those via email as published but have been out on holiday recently.

  • 1949 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!