Microsoft November 2022 Patch Tuesday fixes 6 exploited zero-days, 68 flaws
Published 2 years ago by GFiuui45fg
Today is Microsoft’s November 2022 Patch Tuesday, and with it comes fixes for six actively exploited Windows vulnerabilities and a total of 68 flaws.
Eleven of the 68 vulnerabilities fixed in today’s update are classified as ‘Critical’ as they allow privilege elevation, spoofing, or remote code execution, one of the most severe types of vulnerabilities.
The number of bugs in each vulnerability category is listed below:
- 27 Elevation of Privilege Vulnerabilities
- 4 Security Feature Bypass Vulnerabilities
- 16 Remote Code Execution Vulnerabilities
- 11 Information Disclosure Vulnerabilities
- 6 Denial of Service Vulnerabilities
- 3 Spoofing Vulnerabilities
The above counts do not include two OpenSSL vulnerabilities disclosed on November 2nd.
For information about the non-security Windows updates, you can read today’s articles on the Windows 10 KB5019959 and KB5019966 updates and the Windows 11 KB5019980 and KB5019961 updates.
Six actively exploited zero-days fixed
This month’s Patch Tuesday fixes six actively exploited zero-day vulnerabilities, with one being publicly disclosed.
Microsoft classifies a vulnerability as a zero-day if it is publicly disclosed or actively exploited with no official fix available.
The six actively exploited zero-day vulnerabilities fixed in today’s updates are:
CVE-2022-41128 – Windows Scripting Languages Remote Code Execution Vulnerability discovered by Clément Lecigne of Google’s Threat Analysis Group
“This vulnerability requires that a user with an affected version of Windows access a malicious server. An attacker would have to host a specially crafted server share or website. An attacker would have no way to force users to visit this specially crafted server share or website, but would have to convince them to visit the server share or website, typically by way of an enticement in an email or chat message.”
CVE-2022-41091 – Windows Mark of the Web Security Feature Bypass Vulnerability discovered by Will Dormann.
“An attacker can craft a malicious file that would evade Mark of the Web (MOTW) defenses, resulting in a limited loss of integrity and availability of security features such as Protected View in Microsoft Office, which rely on MOTW tagging.”
This security update fixes two Mark of the Web bypasses discovered by Dormann, who demonstrated how a specially crafted Zip file can be created to bypass the Windows security feature.
Today, Dormann provided more details on how to create the Zip file and exploit this vulnerability, which is simply to create a ZIP archive containing a read-only file.
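A triage heuristic for the archive shape described above, added here as an example and not code from Dormann or Microsoft: it lists ZIP entries whose DOS read-only attribute bit is set, so a mail or download gateway can route such archives for closer inspection on unpatched hosts. The function names and the in-memory sample archives are constructed for illustration, and checking only the DOS attribute bit is an assumption; read-only entries also occur in benign archives.

```python
import io
import zipfile

DOS_READONLY = 0x01  # FILE_ATTRIBUTE_READONLY, low byte of a ZIP entry's external attributes


def readonly_entries(zip_bytes):
    """Return the names of file entries that carry the DOS read-only attribute."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return [info.filename for info in zf.infolist()
                if not info.is_dir() and info.external_attr & DOS_READONLY]


def triage(zip_bytes):
    """Classify an archive for review; a hit is a signal to inspect, not a verdict."""
    try:
        hits = readonly_entries(zip_bytes)
    except zipfile.BadZipFile:
        return {"verdict": "not-a-zip", "entries": []}
    return {"verdict": "review" if hits else "pass", "entries": hits}


def build_sample(readonly):
    """Constructed in-memory archive with harmless text, used only to exercise triage()."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(zipfile.ZipInfo("notes.txt"), "constructed sample")
        marked = zipfile.ZipInfo("report.txt")
        if readonly:
            marked.external_attr |= DOS_READONLY
        zf.writestr(marked, "constructed sample")
    return buf.getvalue()


if __name__ == "__main__":
    for label, data in (("read-only entry", build_sample(True)),
                        ("plain entries", build_sample(False)),
                        ("not an archive", b"not a zip")):
        print(label, triage(data))
```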
CVE-2022-41073 – Windows Print Spooler Elevation of Privilege Vulnerability discovered by Microsoft Threat Intelligence Center (MSTIC).
“An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.”
CVE-2022-41125 – Windows CNG Key Isolation Service Elevation of Privilege Vulnerability discovered by Microsoft Threat Intelligence Center (MSTIC) and Microsoft Security Response Center (MSRC).
“An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.”
CVE-2022-41040 – Microsoft Exchange Server Elevation of Privilege Vulnerability discovered by GTSC and disclosed through the Zero Day Initiative.
“The privileges acquired by the attacker would be the ability to run PowerShell in the context of the system.”
CVE-2022-41082 – Microsoft Exchange Server Remote Code Execution Vulnerability discovered by GTSC and disclosed through the Zero Day Initiative.
“The attacker for this vulnerability could target the server accounts in an arbitrary or remote code execution. As an authenticated user, the attacker could attempt to trigger malicious code in the context of the server’s account through a network call.”
More information about the above Microsoft Exchange vulnerabilities can be found in the next section.
Microsoft Exchange ProxyNotShell zero-days fixed
Microsoft has released security updates for two actively exploited zero-day vulnerabilities tracked as CVE-2022-41040 and CVE-2022-41082, also dubbed ProxyNotShell.
These vulnerabilities were disclosed in late September by Vietnamese cybersecurity firm GTSC, who first spotted the flaws used in attacks.
The vulnerabilities were reported to Microsoft through the Zero Day Initiative program.
Today, Microsoft has fixed the ProxyNotShell vulnerabilities in the KB5019758 security update for Microsoft Exchange Server 2019, 2016, and 2013.
Recent updates from other companies
Other vendors who released updates in November 2022 include:
- Apple released Xcode 14.1 with numerous security updates.
- Cisco released security updates for numerous products this month.
- Citrix released security updates for a ‘Critical’ authentication bypass in Citrix ADC and Gateway.
- Google released Android’s November security updates.
- Intel released the November 2022 security updates.
- OpenSSL released security updates for CVE-2022-3602 and CVE-2022-3786.
- SAP has released its November 2022 Patch Day updates.
The November 2022 Patch Tuesday Security Updates
Below is the complete list of resolved vulnerabilities and released advisories in the November 2022 Patch Tuesday updates. To access the full description of each vulnerability and the systems that it affects, you can view the full report here.
Tag | CVE ID | CVE Title | Severity |
---|---|---|---|
.NET Framework | CVE-2022-41064 | .NET Framework Information Disclosure Vulnerability | Important |
AMD CPU Branch | CVE-2022-23824 | AMD: CVE-2022-23824 IBPB and Return Address Predictor Interactions | Important |
Azure | CVE-2022-39327 | GitHub: CVE-2022-39327 Improper Control of Generation of Code (‘Code Injection’) in Azure CLI | Critical |
Azure | CVE-2022-41085 | Azure CycleCloud Elevation of Privilege Vulnerability | Important |
Azure Real Time Operating System | CVE-2022-41051 | Azure RTOS GUIX Studio Remote Code Execution Vulnerability | Important |
Linux Kernel | CVE-2022-38014 | Windows Subsystem for Linux (WSL2) Kernel Elevation of Privilege Vulnerability | Important |
Microsoft Dynamics | CVE-2022-41066 | Microsoft Business Central Information Disclosure Vulnerability | Important |
Microsoft Exchange Server | CVE-2022-41040 | Microsoft Exchange Information Disclosure Vulnerability | Critical |
Microsoft Exchange Server | CVE-2022-41082 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Important |
Microsoft Exchange Server | CVE-2022-41078 | Microsoft Exchange Server Spoofing Vulnerability | Important |
Microsoft Exchange Server | CVE-2022-41080 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Critical |
Microsoft Exchange Server | CVE-2022-41079 | Microsoft Exchange Server Spoofing Vulnerability | Important |
Microsoft Exchange Server | CVE-2022-41123 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Important |
Microsoft Graphics Component | CVE-2022-41113 | Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability | Important |
Microsoft Graphics Component | CVE-2022-41052 | Windows Graphics Component Remote Code Execution Vulnerability | Important |
Microsoft Office | ADV220003 | Microsoft Defense in Depth Update | Important |
Microsoft Office | CVE-2022-41105 | Microsoft Excel Information Disclosure Vulnerability | Important |
Microsoft Office | CVE-2022-41107 | Microsoft Office Graphics Remote Code Execution Vulnerability | Important |
Microsoft Office Excel | CVE-2022-41104 | Microsoft Excel Security Feature Bypass Vulnerability | Important |
Microsoft Office Excel | CVE-2022-41063 | Microsoft Excel Remote Code Execution Vulnerability | Important |
Microsoft Office Excel | CVE-2022-41106 | Microsoft Excel Remote Code Execution Vulnerability | Important |
Microsoft Office SharePoint | CVE-2022-41122 | Microsoft SharePoint Server Spoofing Vulnerability | Important |
Microsoft Office SharePoint | CVE-2022-41062 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important |
Microsoft Office Word | CVE-2022-41103 | Microsoft Word Information Disclosure Vulnerability | Important |
Microsoft Office Word | CVE-2022-41061 | Microsoft Word Remote Code Execution Vulnerability | Important |
Microsoft Office Word | CVE-2022-41060 | Microsoft Word Information Disclosure Vulnerability | Important |
Network Policy Server (NPS) | CVE-2022-41056 | Network Policy Server (NPS) RADIUS Protocol Denial of Service Vulnerability | Important |
Network Policy Server (NPS) | CVE-2022-41097 | Network Policy Server (NPS) RADIUS Protocol Information Disclosure Vulnerability | Important |
Open Source Software | CVE-2022-3786 | OpenSSL: CVE-2022-3786 X.509 certificate verification buffer overrun | Unknown |
Open Source Software | CVE-2022-3602 | OpenSSL: CVE-2022-3602 X.509 certificate verification buffer overrun | Unknown |
Role: Windows Hyper-V | CVE-2022-38015 | Windows Hyper-V Denial of Service Vulnerability | Critical |
SysInternals | CVE-2022-41120 | Microsoft Windows Sysmon Elevation of Privilege Vulnerability | Important |
Visual Studio | CVE-2022-39253 | GitHub: CVE-2022-39253 Local clone optimization dereferences symbolic links by default | Important |
Visual Studio | CVE-2022-41119 | Visual Studio Remote Code Execution Vulnerability | Important |
Windows Advanced Local Procedure Call | CVE-2022-41093 | Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability | Important |
Windows ALPC | CVE-2022-41045 | Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability | Important |
Windows ALPC | CVE-2022-41100 | Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability | Important |
Windows Bind Filter Driver | CVE-2022-41114 | Windows Bind Filter Driver Elevation of Privilege Vulnerability | Important |
Windows BitLocker | CVE-2022-41099 | BitLocker Security Feature Bypass Vulnerability | Important |
Windows CNG Key Isolation Service | CVE-2022-41125 | Windows CNG Key Isolation Service Elevation of Privilege Vulnerability | Important |
Windows Devices Human Interface | CVE-2022-41055 | Windows Human Interface Device Information Disclosure Vulnerability | Important |
Windows Digital Media | CVE-2022-41095 | Windows Digital Media Receiver Elevation of Privilege Vulnerability | Important |
Windows DWM Core Library | CVE-2022-41096 | Microsoft DWM Core Library Elevation of Privilege Vulnerability | Important |
Windows Extensible File Allocation | CVE-2022-41050 | Windows Extensible File Allocation Table Elevation of Privilege Vulnerability | Important |
Windows Group Policy Preference Client | CVE-2022-37992 | Windows Group Policy Elevation of Privilege Vulnerability | Important |
Windows Group Policy Preference Client | CVE-2022-41086 | Windows Group Policy Elevation of Privilege Vulnerability | Important |
Windows HTTP.sys | CVE-2022-41057 | Windows HTTP.sys Elevation of Privilege Vulnerability | Important |
Windows Kerberos | CVE-2022-37967 | Windows Kerberos Elevation of Privilege Vulnerability | Critical |
Windows Kerberos | CVE-2022-41053 | Windows Kerberos Denial of Service Vulnerability | Important |
Windows Kerberos | CVE-2022-37966 | Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability | Critical |
Windows Mark of the Web (MOTW) | CVE-2022-41049 | Windows Mark of the Web Security Feature Bypass Vulnerability | Important |
Windows Mark of the Web (MOTW) | CVE-2022-41091 | Windows Mark of the Web Security Feature Bypass Vulnerability | Important |
Windows Netlogon | CVE-2022-38023 | Netlogon RPC Elevation of Privilege Vulnerability | Important |
Windows Network Address Translation (NAT) | CVE-2022-41058 | Windows Network Address Translation (NAT) Denial of Service Vulnerability | Important |
Windows ODBC Driver | CVE-2022-41047 | Microsoft ODBC Driver Remote Code Execution Vulnerability | Important |
Windows ODBC Driver | CVE-2022-41048 | Microsoft ODBC Driver Remote Code Execution Vulnerability | Important |
Windows Overlay Filter | CVE-2022-41101 | Windows Overlay Filter Elevation of Privilege Vulnerability | Important |
Windows Overlay Filter | CVE-2022-41102 | Windows Overlay Filter Elevation of Privilege Vulnerability | Important |
Windows Point-to-Point Tunneling Protocol | CVE-2022-41044 | Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | Critical |
Windows Point-to-Point Tunneling Protocol | CVE-2022-41116 | Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerability | Important |
Windows Point-to-Point Tunneling Protocol | CVE-2022-41090 | Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerability | Important |
Windows Point-to-Point Tunneling Protocol | CVE-2022-41039 | Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | Critical |
Windows Point-to-Point Tunneling Protocol | CVE-2022-41088 | Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | Critical |
Windows Print Spooler Components | CVE-2022-41073 | Windows Print Spooler Elevation of Privilege Vulnerability | Important |
Windows Resilient File System (ReFS) | CVE-2022-41054 | Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability | Important |
Windows Scripting | CVE-2022-41118 | Windows Scripting Languages Remote Code Execution Vulnerability | Critical |
Windows Scripting | CVE-2022-41128 | Windows Scripting Languages Remote Code Execution Vulnerability | Critical |
Windows Win32K | CVE-2022-41092 | Windows Win32k Elevation of Privilege Vulnerability | Important |
Windows Win32K | CVE-2022-41109 | Windows Win32k Elevation of Privilege Vulnerability | Important |
Windows Win32K | CVE-2022-41098 | Windows GDI+ Information Disclosure Vulnerability | Important |