Connect with us

Cyber Security

Microsoft November 2022 Patch Tuesday fixes 6 exploited zero-days, 68 flaws

Published

on

Today is Microsoft’s November 2022 Patch Tuesday, and with it comes fixes for six actively exploited Windows vulnerabilities and a total of 68 flaws.

Eleven of the 68 vulnerabilities fixed in today’s update are classified as ‘Critical’ as they allow privilege elevation, spoofing, or remote code execution, one of the most severe types of vulnerabilities.

The number of bugs in each vulnerability category is listed below:

  • 27 Elevation of Privilege Vulnerabilities
  • 4 Security Feature Bypass Vulnerabilities
  • 16 Remote Code Execution Vulnerabilities
  • 11 Information Disclosure Vulnerabilities
  • 6 Denial of Service Vulnerabilities
  • 3 Spoofing Vulnerabilities

The above counts do not include two OpenSSL vulnerabilities disclosed on November 2nd.

For information about the non-security Windows updates, you can read today’s articles on the Windows 10 KB5019959 and KB5019966 updates and the Windows 11 KB5019980 and KB5019961 updates.

Six actively exploited zero-days fixed

This month’s Patch Tuesday fixes six actively exploited zero-day vulnerabilities, with one being publicly disclosed.

Microsoft classifies a vulnerability as a zero-day if it is publicly disclosed or actively exploited with no official fix available.

The six actively exploited zero-day vulnerabilities fixed in today’s updates are:

CVE-2022-41128 – Windows Scripting Languages Remote Code Execution Vulnerability discovered by Clément Lecigne of Google’s Threat Analysis Group

“This vulnerability requires that a user with an affected version of Windows access a malicious server. An attacker would have to host a specially crafted server share or website. An attacker would have no way to force users to visit this specially crafted server share or website, but would have to convince them to visit the server share or website, typically by way of an enticement in an email or chat message.”

CVE-2022-41091 – Windows Mark of the Web Security Feature Bypass Vulnerability discovered by Will Dormann.

“An attacker can craft a malicious file that would evade Mark of the Web (MOTW) defenses, resulting in a limited loss of integrity and availability of security features such as Protected View in Microsoft Office, which rely on MOTW tagging.”

This security updates fixes two Mark of the Web bypasses discovered by Dormann, who demonstrated how a specially crafted Zip file can be created to bypass the Windows security feature.

Today, Dormann provided more details on how to create the Zip file and exploit this vulnerability, which is simply to create a ZIP archive containing a read-only file.

CVE-2022-41073 – Windows Print Spooler Elevation of Privilege Vulnerability discovered by Microsoft Threat Intelligence Center (MSTIC).

“An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.”

CVE-2022-41125 – Windows CNG Key Isolation Service Elevation of Privilege Vulnerability discovered by Microsoft Threat Intelligence Center (MSTIC) and Microsoft Security Response Center (MSRC).

“An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.”

CVE-2022-41040 – Microsoft Exchange Server Elevation of Privilege Vulnerability discovered by GTSC and disclosed through Zero Dat initiative.

“The privileges acquired by the attacker would be the ability to run PowerShell in the context of the system.”

CVE-2022-41082 – Microsoft Exchange Server Remote Code Execution Vulnerability discovered by GTSC and disclosed through Zero Dat initiative.

“The attacker for this vulnerability could target the server accounts in an arbitrary or remote code execution. As an authenticated user, the attacker could attempt to trigger malicious code in the context of the server’s account through a network call.”

More information about the above Microsoft Exchange vulnerabilities can be found in the next section.

Microsoft Exchange ProxyNotShell zero-days fixed

Microsoft has released security updates for two actively exploited zero-day vulnerabilities tracked as CVE-2022-41040 and CVE-2022-41082, also dubbed ProxyNotShell.

These vulnerabilities were disclosed in late September by Vietnamese cybersecurity firm GTSC, who first spotted the flaws used in attacks.

The vulnerabilities were reported to Microsoft through the Zero Day Initiative program.

Today, Microsoft has fixed the ProxyNotShell vulnerabilities in the KB5019758 security update for Microsoft Exchange Server 2019, 2016, and 2013.

Recent updates from other companies

Other vendors who released updates in November 2022 include:

The November 2022 Patch Tuesday Security Updates

Below is the complete list of resolved vulnerabilities and released advisories in the November 2022 Patch Tuesday updates. To access the full description of each vulnerability and the systems that it affects, you can view the full report here.

TagCVE IDCVE TitleSeverity
.NET FrameworkCVE-2022-41064.NET Framework Information Disclosure VulnerabilityImportant
AMD CPU BranchCVE-2022-23824AMD: CVE-2022-23824 IBPB and Return Address Predictor InteractionsImportant
AzureCVE-2022-39327GitHub: CVE-2022-39327 Improper Control of Generation of Code (‘Code Injection’) in Azure CLICritical
AzureCVE-2022-41085Azure CycleCloud Elevation of Privilege VulnerabilityImportant
Azure Real Time Operating SystemCVE-2022-41051Azure RTOS GUIX Studio Remote Code Execution VulnerabilityImportant
Linux KernelCVE-2022-38014Windows Subsystem for Linux (WSL2) Kernel Elevation of Privilege VulnerabilityImportant
Microsoft DynamicsCVE-2022-41066Microsoft Business Central Information Disclosure VulnerabilityImportant
Microsoft Exchange ServerCVE-2022-41040Microsoft Exchange Information Disclosure VulnerabilityCritical
Microsoft Exchange ServerCVE-2022-41082Microsoft Exchange Server Elevation of Privilege VulnerabilityImportant
Microsoft Exchange ServerCVE-2022-41078Microsoft Exchange Server Spoofing VulnerabilityImportant
Microsoft Exchange ServerCVE-2022-41080Microsoft Exchange Server Elevation of Privilege VulnerabilityCritical
Microsoft Exchange ServerCVE-2022-41079Microsoft Exchange Server Spoofing VulnerabilityImportant
Microsoft Exchange ServerCVE-2022-41123Microsoft Exchange Server Elevation of Privilege VulnerabilityImportant
Microsoft Graphics ComponentCVE-2022-41113Windows Win32 Kernel Subsystem Elevation of Privilege VulnerabilityImportant
Microsoft Graphics ComponentCVE-2022-41052Windows Graphics Component Remote Code Execution VulnerabilityImportant
Microsoft OfficeADV220003Microsoft Defense in Depth UpdateImportant
Microsoft OfficeCVE-2022-41105Microsoft Excel Information Disclosure VulnerabilityImportant
Microsoft OfficeCVE-2022-41107Microsoft Office Graphics Remote Code Execution VulnerabilityImportant
Microsoft Office ExcelCVE-2022-41104Microsoft Excel Security Feature Bypass VulnerabilityImportant
Microsoft Office ExcelCVE-2022-41063Microsoft Excel Remote Code Execution VulnerabilityImportant
Microsoft Office ExcelCVE-2022-41106Microsoft Excel Remote Code Execution VulnerabilityImportant
Microsoft Office SharePointCVE-2022-41122Microsoft SharePoint Server Spoofing VulnerabilityImportant
Microsoft Office SharePointCVE-2022-41062Microsoft SharePoint Server Remote Code Execution VulnerabilityImportant
Microsoft Office WordCVE-2022-41103Microsoft Word Information Disclosure VulnerabilityImportant
Microsoft Office WordCVE-2022-41061Microsoft Word Remote Code Execution VulnerabilityImportant
Microsoft Office WordCVE-2022-41060Microsoft Word Information Disclosure VulnerabilityImportant
Network Policy Server (NPS)CVE-2022-41056Network Policy Server (NPS) RADIUS Protocol Denial of Service VulnerabilityImportant
Network Policy Server (NPS)CVE-2022-41097Network Policy Server (NPS) RADIUS Protocol Information Disclosure VulnerabilityImportant
Open Source SoftwareCVE-2022-3786OpenSSL: CVE-2022-3786 X.509 certificate verification buffer overrunUnknown
Open Source SoftwareCVE-2022-3602OpenSSL: CVE-2022-3602 X.509 certificate verification buffer overrunUnknown
Role: Windows Hyper-VCVE-2022-38015Windows Hyper-V Denial of Service VulnerabilityCritical
SysInternalsCVE-2022-41120Microsoft Windows Sysmon Elevation of Privilege VulnerabilityImportant
Visual StudioCVE-2022-39253GitHub: CVE-2022-39253 Local clone optimization dereferences symbolic links by defaultImportant
Visual StudioCVE-2022-41119Visual Studio Remote Code Execution VulnerabilityImportant
Windows Advanced Local Procedure CallCVE-2022-41093Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege VulnerabilityImportant
Windows ALPCCVE-2022-41045Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege VulnerabilityImportant
Windows ALPCCVE-2022-41100Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege VulnerabilityImportant
Windows Bind Filter DriverCVE-2022-41114Windows Bind Filter Driver Elevation of Privilege VulnerabilityImportant
Windows BitLockerCVE-2022-41099BitLocker Security Feature Bypass VulnerabilityImportant
Windows CNG Key Isolation ServiceCVE-2022-41125Windows CNG Key Isolation Service Elevation of Privilege VulnerabilityImportant
Windows Devices Human InterfaceCVE-2022-41055Windows Human Interface Device Information Disclosure VulnerabilityImportant
Windows Digital MediaCVE-2022-41095Windows Digital Media Receiver Elevation of Privilege VulnerabilityImportant
Windows DWM Core LibraryCVE-2022-41096Microsoft DWM Core Library Elevation of Privilege VulnerabilityImportant
Windows Extensible File AllocationCVE-2022-41050Windows Extensible File Allocation Table Elevation of Privilege VulnerabilityImportant
Windows Group Policy Preference ClientCVE-2022-37992Windows Group Policy Elevation of Privilege VulnerabilityImportant
Windows Group Policy Preference ClientCVE-2022-41086Windows Group Policy Elevation of Privilege VulnerabilityImportant
Windows HTTP.sysCVE-2022-41057Windows HTTP.sys Elevation of Privilege VulnerabilityImportant
Windows KerberosCVE-2022-37967Windows Kerberos Elevation of Privilege VulnerabilityCritical
Windows KerberosCVE-2022-41053Windows Kerberos Denial of Service VulnerabilityImportant
Windows KerberosCVE-2022-37966Windows Kerberos RC4-HMAC Elevation of Privilege VulnerabilityCritical
Windows Mark of the Web (MOTW)CVE-2022-41049Windows Mark of the Web Security Feature Bypass VulnerabilityImportant
Windows Mark of the Web (MOTW)CVE-2022-41091Windows Mark of the Web Security Feature Bypass VulnerabilityImportant
Windows NetlogonCVE-2022-38023Netlogon RPC Elevation of Privilege VulnerabilityImportant
Windows Network Address Translation (NAT)CVE-2022-41058Windows Network Address Translation (NAT) Denial of Service VulnerabilityImportant
Windows ODBC DriverCVE-2022-41047Microsoft ODBC Driver Remote Code Execution VulnerabilityImportant
Windows ODBC DriverCVE-2022-41048Microsoft ODBC Driver Remote Code Execution VulnerabilityImportant
Windows Overlay FilterCVE-2022-41101Windows Overlay Filter Elevation of Privilege VulnerabilityImportant
Windows Overlay FilterCVE-2022-41102Windows Overlay Filter Elevation of Privilege VulnerabilityImportant
Windows Point-to-Point Tunneling ProtocolCVE-2022-41044Windows Point-to-Point Tunneling Protocol Remote Code Execution VulnerabilityCritical
Windows Point-to-Point Tunneling ProtocolCVE-2022-41116Windows Point-to-Point Tunneling Protocol Denial of Service VulnerabilityImportant
Windows Point-to-Point Tunneling ProtocolCVE-2022-41090Windows Point-to-Point Tunneling Protocol Denial of Service VulnerabilityImportant
Windows Point-to-Point Tunneling ProtocolCVE-2022-41039Windows Point-to-Point Tunneling Protocol Remote Code Execution VulnerabilityCritical
Windows Point-to-Point Tunneling ProtocolCVE-2022-41088Windows Point-to-Point Tunneling Protocol Remote Code Execution VulnerabilityCritical
Windows Print Spooler ComponentsCVE-2022-41073Windows Print Spooler Elevation of Privilege VulnerabilityImportant
Windows Resilient File System (ReFS)CVE-2022-41054Windows Resilient File System (ReFS) Elevation of Privilege VulnerabilityImportant
Windows ScriptingCVE-2022-41118Windows Scripting Languages Remote Code Execution VulnerabilityCritical
Windows ScriptingCVE-2022-41128Windows Scripting Languages Remote Code Execution VulnerabilityCritical
Windows Win32KCVE-2022-41092Windows Win32k Elevation of Privilege VulnerabilityImportant
Windows Win32KCVE-2022-41109Windows Win32k Elevation of Privilege VulnerabilityImportant
Windows Win32KCVE-2022-41098Windows GDI+ Information Disclosure VulnerabilityImportant

Source: https://www.bleepingcomputer.com/news/microsoft/microsoft-november-2022-patch-tuesday-fixes-6-exploited-zero-days-68-flaws/

Advertisement
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Copyright © 2023 Cyber Reports Cyber Security News All Rights Reserved Website by Top Search SEO