Microsoft November 2022 Patch Tuesday fixes 6 zero-day security flaws

TLDR: Microsoft has released the latest series of patches designed to fix bugs in Windows and other popular software products. The most important updates concern six zero-day bugs, including two Exchange bugs discovered in September that continue to pose a threat to mail servers around the world.

Every second Tuesday of the month for the past 20 years or so, Microsoft has released a new batch of security updates for its widely used (and still supported) software products. November 2022 Patch Tuesday is significant because it includes fixes for six zero-day vulnerabilities, that is, flaws that were publicly known or already being exploited in the wild before a fix was available.

The November 2022 security updates include fixes for 68 security flaws in Windows components, Visual Studio, Sysinternals utilities, Office, Azure, .NET Framework, Dynamics, Exchange Server, and more. Eleven of them are rated "critical", Microsoft's highest severity tier; the critical bugs this month cover privilege escalation, spoofing and remote code execution.

By bug class, the vulnerabilities fixed this Patch Tuesday break down as follows:

  • 27 elevation of privilege vulnerabilities;
  • 4 security feature bypass vulnerabilities;
  • 16 remote code execution vulnerabilities;
  • 11 information disclosure vulnerabilities;
  • 6 denial of service vulnerabilities;
  • 3 spoofing vulnerabilities.

(Note that these per-class counts add up to 67, one short of the 68 headline figure.)

Not on this list are the two serious OpenSSL vulnerabilities disclosed in early November; those are fixed by the OpenSSL project's own update, not by a Microsoft patch.

The centrepiece of November's Patch Tuesday is the set of six zero-day fixes listed below. Each of these bugs was publicly disclosed or exploited in the wild before an official fix was available:

  • CVE-2022-41128, "Windows Scripting Languages Remote Code Execution Vulnerability", which requires a user on a vulnerable version of Windows to visit or be redirected to a malicious server;
  • CVE-2022-41091, "Windows Mark of the Web Security Feature Bypass Vulnerability", where a specially crafted malicious file (for example, a ZIP archive whose contents are flagged read-only) can bypass Mark-of-the-Web protection, so that SmartScreen and Office Protected View never see the files as Internet-sourced;
  • CVE-2022-41073, "Windows Print Spooler Elevation of Privilege Vulnerability", which can be exploited to gain SYSTEM privileges;
  • CVE-2022-41125, "Windows CNG Key Isolation Service Elevation of Privilege Vulnerability", which also yields SYSTEM privileges;
  • CVE-2022-41040, "Microsoft Exchange Server Elevation of Privilege Vulnerability", which can be used to run PowerShell in the context of the system;
  • CVE-2022-41082, "Microsoft Exchange Server Remote Code Execution Vulnerability", which allows remote execution of malicious code on affected servers.
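The Mark-of-the-Web that CVE-2022-41091 bypasses is an NTFS alternate data stream named Zone.Identifier on the downloaded file; when it is missing, SmartScreen and Office Protected View treat the file as local. The PowerShell below is an added example (not code from the article or from Microsoft) that audits a directory of extracted files for that stream and re-applies it where it is absent. The read-only handling mirrors the condition the article describes: writing a named stream to a read-only file fails, so the function clears the attribute, writes the mark, and restores it. The demo directory and file names are constructed for the example.

```powershell
# Added example, not from the original article. Audits files for the Mark-of-the-Web
# (Zone.Identifier alternate data stream) and re-applies it. Requires Windows PowerShell 5.1
# or PowerShell 7 on an NTFS volume.

function Get-MotwStatus {
    # Returns one object per file under $Path: whether it carries a Zone.Identifier stream
    # and, if so, which ZoneId (3 = Internet zone, 4 = Restricted sites).
    param([Parameter(Mandatory)][string]$Path)

    Get-ChildItem -LiteralPath $Path -File -Recurse | ForEach-Object {
        $zoneId = $null
        # Get-Item -Stream errors when the stream is absent; SilentlyContinue turns that into $null.
        $stream = Get-Item -LiteralPath $_.FullName -Stream Zone.Identifier -ErrorAction SilentlyContinue
        if ($stream) {
            $ads  = Get-Content -LiteralPath $_.FullName -Stream Zone.Identifier
            $line = $ads | Where-Object { $_ -like 'ZoneId=*' } | Select-Object -First 1
            if ($line -match '^ZoneId=(\d+)') { $zoneId = [int]$Matches[1] }
        }
        [pscustomobject]@{
            File     = $_.FullName
            ReadOnly = $_.IsReadOnly
            HasMotw  = ($null -ne $zoneId)
            ZoneId   = $zoneId
        }
    }
}

function Set-Motw {
    # Writes a Zone.Identifier stream marking the file as Internet-sourced (ZoneId 3).
    # A read-only file rejects the stream write, so the attribute is cleared and restored.
    param([Parameter(Mandatory)][string]$Path, [int]$ZoneId = 3)

    $item = Get-Item -LiteralPath $Path
    $wasReadOnly = $item.IsReadOnly
    if ($wasReadOnly) { $item.IsReadOnly = $false }
    try {
        Set-Content -LiteralPath $Path -Stream Zone.Identifier -Value @('[ZoneTransfer]', "ZoneId=$ZoneId")
    } finally {
        if ($wasReadOnly) { $item.IsReadOnly = $true }
    }
}

# Demo on a constructed temp directory (created here, not a real download).
$demo = Join-Path $env:TEMP 'motw-demo'
New-Item -ItemType Directory -Path $demo -Force | Out-Null
$file = Join-Path $demo 'extracted.txt'
'hello' | Set-Content -LiteralPath $file
Set-ItemProperty -LiteralPath $file -Name IsReadOnly -Value $true   # the CVE-2022-41091 condition

Get-MotwStatus -Path $demo | Format-Table -AutoSize                  # unmarked file
Set-Motw -Path $file
Get-MotwStatus -Path $demo | Format-Table -AutoSize                  # now marked with ZoneId 3
```

Point Get-MotwStatus at a folder where a user extracted an archive from e-mail or the browser: any file reporting HasMotw False but sitting beside marked siblings is exactly the case the bypass produces, and Set-Motw restores the protection without touching the file contents.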

The two Exchange fixes (CVE-2022-41040 and CVE-2022-41082) address the pair of bugs disclosed in late September and known informally as "ProxyNotShell", which had been exploited in the wild since then.

Update KB5019758 is available for Microsoft Exchange Server 2019, 2016 and 2013, either automatically through Microsoft Update or as a standalone package from the Microsoft Download Center. When installing the standalone package manually, run it from an elevated (administrator) command prompt; Exchange security updates installed without elevation can fail partway through and leave the server in an inconsistent state.
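Because Get-ExchangeServer's AdminDisplayVersion only reflects the cumulative update, not the security update level, the reliable way to confirm KB5019758 is installed is the file version of ExSetup.exe. The PowerShell below is an added example (not the article's or Microsoft's code) that reads that version and compares it with the minimum November 2022 SU build for each supported CU. The build numbers in the table are values assumed here; confirm them against Microsoft's Exchange Server build-number reference before relying on the check. The constructed build passed at the end stands in for a server that is still on the October update.

```powershell
# Added example, not from the original article. Confirms that an Exchange server is at or
# above the November 2022 SU (KB5019758) build by reading ExSetup.exe's file version.
# Minimum builds below are assumed values: confirm against Microsoft's build-number table.

$Nov2022SuMinimumBuilds = @(
    [version]'15.0.1497.44',   # Exchange 2013 CU23
    [version]'15.1.2375.37',   # Exchange 2016 CU22
    [version]'15.1.2507.16',   # Exchange 2016 CU23
    [version]'15.2.986.36',    # Exchange 2019 CU11
    [version]'15.2.1118.20'    # Exchange 2019 CU12
)

function Get-ExchangeBuild {
    # AdminDisplayVersion only shows the CU; the SU level is in ExSetup.exe's file version.
    # $env:ExchangeInstallPath is set by Exchange setup on every Exchange server.
    param([string]$InstallPath = $env:ExchangeInstallPath)

    $exsetup = Join-Path $InstallPath 'bin\ExSetup.exe'
    if (-not (Test-Path -LiteralPath $exsetup)) { throw "ExSetup.exe not found under '$InstallPath'" }
    # FileVersion is reported as e.g. 15.02.1118.020; [version] normalises the zero padding.
    [version](Get-Item -LiteralPath $exsetup).VersionInfo.FileVersion
}

function Test-Nov2022SuApplied {
    # Matches the CU line on Major.Minor.Build, then requires Revision (the SU level)
    # to be at least the patched one. A CU absent from the table is reported, not guessed.
    param(
        [Parameter(Mandatory)][version]$Build,
        [version[]]$Minimums = $Nov2022SuMinimumBuilds
    )

    $cuMinimum = $Minimums | Where-Object {
        $_.Major -eq $Build.Major -and $_.Minor -eq $Build.Minor -and $_.Build -eq $Build.Build
    } | Select-Object -First 1

    if (-not $cuMinimum) {
        return [pscustomobject]@{ Build = $Build; Patched = $null; Note = 'CU not in table; check manually' }
    }
    [pscustomobject]@{ Build = $Build; Patched = ($Build -ge $cuMinimum); Note = "minimum $cuMinimum" }
}

# On an Exchange server:
#   Test-Nov2022SuApplied -Build (Get-ExchangeBuild)
# Constructed input for a dry run elsewhere (a 2019 CU12 server still on an earlier SU):
Test-Nov2022SuApplied -Build ([version]'15.2.1118.15')
```

A server whose CU is not in the table is either older than the CUs KB5019758 supports, in which case it needs the CU first, or newer than November 2022; either way the function refuses to report it as patched.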
