Welcome to our summary of this month’s Patch Tuesday (November 2022). We have tabulated the vulnerabilities that the latest patches from Microsoft address, so that you can easily export them for use in your vulnerability management program.

Prism users have already benefited from the platform’s Active Exploit Detection, which automatically alerts you to active exploits affecting issues within your estate.

Microsoft Patch Tuesday November 2022

Microsoft’s November 2022 Patch Tuesday update addresses 68 vulnerabilities, including 6 zero days, as well as additional informational fixes for Azure SDK and Edge browser.

This month’s Patch Tuesday includes a Microsoft Defense in Depth Update (ADV220003) and addresses six (6) known exploited zero-day vulnerabilities. Earlier this month, on November 2, 2022, Microsoft also released two (2) advisories for OpenSSL 3.x for Azure SDK for C++, C++ Library Manager for Windows (vcpkg), and Microsoft Azure Kubernetes Service (CVE-2022-3602, CVE-2022-3786).

This month’s Release Notes cover multiple Microsoft product families, including Azure, Developer Tools, Extended Security Updates (ESU), Microsoft Dynamics, Microsoft Office, Open Source Software, and Windows.

Microsoft has fixed several flaws in its software, including Denial of Service (DoS), Elevation of Privilege (EoP), Information Disclosure, Remote Code Execution (RCE), Security Feature Bypass, and Spoofing.

Downloads include Cumulative Updates, IE Cumulative, Monthly Rollups, Security Hotpatch Updates, Security Only, and Security Updates.

Six zero-day vulnerabilities patched

November’s Patch Tuesday comes with updates for six zero-day vulnerabilities, all of which are being actively exploited, with one being publicly disclosed.

Prism has already alerted users whose estates contain these active exploits.

  • CVE-2022-41128 – Windows Scripting Languages Remote Code Execution Vulnerability

This vulnerability was discovered by Clément Lecigne of Google’s Threat Analysis Group, and as per Microsoft’s advisory:

“This vulnerability requires that a user with an affected version of Windows access a malicious server. An attacker would have to host a specially crafted server share or website. An attacker would have no way to force users to visit this specially crafted server share or website, but would have to convince them to visit the server share or website, typically by way of an enticement in an email or chat message.”

  • CVE-2022-41091 – Windows Mark of the Web Security Feature Bypass Vulnerability

“An attacker can craft a malicious file that would evade Mark of the Web (MOTW) defenses, resulting in a limited loss of integrity and availability of security features such as Protected View in Microsoft Office, which rely on MOTW tagging.”

  • CVE-2022-41073 – Windows Print Spooler Elevation of Privilege Vulnerability

Discovered by the Microsoft Threat Intelligence Center (MSTIC), the advisory says, “An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.”

  • CVE-2022-41125 – Windows CNG Key Isolation Service Elevation of Privilege Vulnerability

“An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.”

  • CVE-2022-41040 – Microsoft Exchange Server Elevation of Privilege Vulnerability

“The privileges acquired by the attacker would be the ability to run PowerShell in the context of the system.”

  • CVE-2022-41082 – Microsoft Exchange Server Remote Code Execution Vulnerability

An attacker exploiting this vulnerability could target the server accounts for arbitrary or remote code execution. As an authenticated user, the attacker could attempt to trigger malicious code in the context of the server’s account through a network call.

In addition to these vulnerabilities, Microsoft has also released updates for two actively exploited vulnerabilities that were released in November: CVE-2022-41040 and CVE-2022-41082.
