Microsoft November 2022 Patch Tuesday

Published: 2022-11-08. Last Updated: 2022-11-08 18:41:13 UTC
by Renato Marinho (Version: 1)

This month we got patches for 68 vulnerabilities. Of these, 10 are critical, 1 was previously disclosed, and 4 are already being exploited, according to Microsoft.

The previously disclosed (and exploited) vulnerability is a security feature bypass in Windows Mark of the Web (MOTW) (CVE-2022-41091). According to the advisory, an attacker can craft a malicious file that would evade MOTW defenses, resulting in a limited loss of integrity and availability of security features such as Protected View in Microsoft Office, which rely on MOTW tagging. The CVSS score for this vulnerability is 5.4.

Another exploited vulnerability is a Remote Code Execution (RCE) in Windows Scripting Languages (CVE-2022-41128). This vulnerability impacts the JScript9 scripting language. To exploit it, an attacker would have to convince users to visit a specially crafted server share or website, typically through an enticement in an email or chat message. In other words, user interaction is required, but it would not be hard for an attacker to obtain this kind of interaction, which makes this vulnerability worthy of special attention. The CVSS score for this vulnerability is 8.8.

Among the critical vulnerabilities, there is an elevation of privilege vulnerability affecting Microsoft Exchange Server (CVE-2022-41080). The CVSS score for this vulnerability is the highest for this month: 8.8. The advisory says that this vulnerability is not exploited, but marks it as “Exploitation More Likely”.

Last but not least, there is an important elevation of privilege vulnerability affecting Microsoft Windows Sysmon (CVE-2022-41120) that also deserves special attention. An attacker who successfully exploited this vulnerability could gain administrator privileges by manipulating information on the Sysinternals services. The CVSS score for this vulnerability is 7.8.

See my dashboard for a more detailed breakout: https://patchtuesdaydashboard.com/

November 2022 Security Updates

| Description | CVE | Disclosed | Exploited | Exploitability (old versions) | Exploitability (current version) | Severity | CVSS Base (AVG) | CVSS Temporal (AVG) |
|---|---|---|---|---|---|---|---|---|
| .NET Framework Information Disclosure Vulnerability | CVE-2022-41064 | No | No | Less Likely | Less Likely | Important | 5.8 | 5.1 |
| AMD: CVE-2022-23824 IBPB and Return Address Predictor Interactions | CVE-2022-23824 | No | No | Less Likely | Less Likely | Important | | |
| Azure CycleCloud Elevation of Privilege Vulnerability | CVE-2022-41085 | No | No | - | - | Important | 7.5 | 6.5 |
| Azure RTOS GUIX Studio Remote Code Execution Vulnerability | CVE-2022-41051 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| BitLocker Security Feature Bypass Vulnerability | CVE-2022-41099 | No | No | Less Likely | Less Likely | Important | 4.6 | 4.0 |
| GitHub: CVE-2022-39253 Local clone optimization dereferences symbolic links by default | CVE-2022-39253 | No | No | - | - | Important | | |
| GitHub: CVE-2022-39327 Improper Control of Generation of Code ('Code Injection') in Azure CLI | CVE-2022-39327 | No | No | Less Likely | Less Likely | Critical | | |
| Microsoft Business Central Information Disclosure Vulnerability | CVE-2022-41066 | No | No | - | - | Important | 4.4 | 3.9 |
| Microsoft DWM Core Library Elevation of Privilege Vulnerability | CVE-2022-41096 | No | No | Less Likely | More Likely | Important | 7.8 | 6.8 |
| Microsoft Defense in Depth Update | ADV220003 | No | No | - | - | Important | | |
| Microsoft Excel Information Disclosure Vulnerability | CVE-2022-41105 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
| Microsoft Excel Remote Code Execution Vulnerability | CVE-2022-41106 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Microsoft Excel Remote Code Execution Vulnerability | CVE-2022-41063 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Microsoft Excel Security Feature Bypass Vulnerability | CVE-2022-41104 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
| Microsoft Exchange Server Elevation of Privilege Vulnerability | CVE-2022-41123 | No | No | - | - | Important | 7.8 | 6.8 |
| Microsoft Exchange Server Elevation of Privilege Vulnerability | CVE-2022-41080 | No | No | - | - | Critical | 8.8 | 7.7 |
| Microsoft Exchange Server Spoofing Vulnerability | CVE-2022-41078 | No | No | - | - | Important | 8.0 | 7.0 |
| Microsoft Exchange Server Spoofing Vulnerability | CVE-2022-41079 | No | No | - | - | Important | 8.0 | 7.0 |
| Microsoft ODBC Driver Remote Code Execution Vulnerability | CVE-2022-41047 | No | No | Less Likely | Less Likely | Important | 8.8 | 7.7 |
| Microsoft ODBC Driver Remote Code Execution Vulnerability | CVE-2022-41048 | No | No | Less Likely | Less Likely | Important | 8.8 | 7.7 |
| Microsoft Office Graphics Remote Code Execution Vulnerability | CVE-2022-41107 | No | No | Unlikely | Less Likely | Important | 7.8 | 6.8 |
| Microsoft SharePoint Server Remote Code Execution Vulnerability | CVE-2022-41062 | No | No | Less Likely | Less Likely | Important | 8.8 | 7.7 |
| Microsoft SharePoint Server Spoofing Vulnerability | CVE-2022-41122 | No | No | Less Likely | More Likely | Important | 6.5 | 5.7 |
| Microsoft Windows Sysmon Elevation of Privilege Vulnerability | CVE-2022-41120 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Microsoft Word Information Disclosure Vulnerability | CVE-2022-41060 | No | No | More Likely | Less Likely | Important | 5.5 | 4.8 |
| Microsoft Word Information Disclosure Vulnerability | CVE-2022-41103 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
| Microsoft Word Remote Code Execution Vulnerability | CVE-2022-41061 | No | No | Unlikely | Less Likely | Important | 7.8 | 6.8 |
| Netlogon RPC Elevation of Privilege Vulnerability | CVE-2022-38023 | No | No | - | - | Important | 8.1 | 7.1 |
| Network Policy Server (NPS) RADIUS Protocol Denial of Service Vulnerability | CVE-2022-41056 | No | No | Less Likely | Less Likely | Important | 7.5 | 6.5 |
| Network Policy Server (NPS) RADIUS Protocol Information Disclosure Vulnerability | CVE-2022-41097 | No | No | Less Likely | Less Likely | Important | 6.5 | 5.7 |
| OpenSSL: CVE-2022-3602 X.509 certificate verification buffer overrun | CVE-2022-3602 | No | No | - | - | - | | |
| OpenSSL: CVE-2022-3786 X.509 certificate verification buffer overrun | CVE-2022-3786 | No | No | - | - | - | | |
| Visual Studio Remote Code Execution Vulnerability | CVE-2022-41119 | No | No | More Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability | CVE-2022-41100 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability | CVE-2022-41045 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability | CVE-2022-41093 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Bind Filter Driver Elevation of Privilege Vulnerability | CVE-2022-41114 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.1 |
| Windows CNG Key Isolation Service Elevation of Privilege Vulnerability | CVE-2022-41125 | No | Yes | - | - | Important | 7.8 | 6.8 |
| Windows Digital Media Receiver Elevation of Privilege Vulnerability | CVE-2022-41095 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Extensible File Allocation Table Elevation of Privilege Vulnerability | CVE-2022-41050 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows GDI+ Information Disclosure Vulnerability | CVE-2022-41098 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
| Windows Graphics Component Remote Code Execution Vulnerability | CVE-2022-41052 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Group Policy Elevation of Privilege Vulnerability | CVE-2022-37992 | No | No | Unlikely | Less Likely | Important | 7.8 | 6.8 |
| Windows Group Policy Elevation of Privilege Vulnerability | CVE-2022-41086 | No | No | More Likely | Less Likely | Important | 6.4 | 5.6 |
| Windows HTTP.sys Elevation of Privilege Vulnerability | CVE-2022-41057 | No | No | Less Likely | More Likely | Important | 7.8 | 6.8 |
| Windows Human Interface Device Information Disclosure Vulnerability | CVE-2022-41055 | No | No | More Likely | More Likely | Important | 5.5 | 4.8 |
| Windows Hyper-V Denial of Service Vulnerability | CVE-2022-38015 | No | No | Less Likely | Less Likely | Critical | 6.5 | 5.7 |
| Windows Kerberos Denial of Service Vulnerability | CVE-2022-41053 | No | No | Less Likely | Less Likely | Important | 7.5 | 6.5 |
| Windows Kerberos Elevation of Privilege Vulnerability | CVE-2022-37967 | No | No | Less Likely | More Likely | Critical | 7.2 | 6.3 |
| Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability | CVE-2022-37966 | No | No | - | - | Critical | 8.1 | 7.1 |
| Windows Mark of the Web Security Feature Bypass Vulnerability | CVE-2022-41091 | Yes | Yes | More Likely | Detected | Important | 5.4 | 4.7 |
| Windows Mark of the Web Security Feature Bypass Vulnerability | CVE-2022-41049 | No | No | More Likely | More Likely | Important | 5.4 | 5.0 |
| Windows Network Address Translation (NAT) Denial of Service Vulnerability | CVE-2022-41058 | No | No | More Likely | More Likely | Important | 7.5 | 6.5 |
| Windows Overlay Filter Elevation of Privilege Vulnerability | CVE-2022-41101 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Overlay Filter Elevation of Privilege Vulnerability | CVE-2022-41102 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerability | CVE-2022-41090 | No | No | More Likely | More Likely | Important | 5.9 | 5.2 |
| Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerability | CVE-2022-41116 | No | No | - | - | Important | 5.9 | 5.2 |
| Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | CVE-2022-41039 | No | No | Unlikely | Less Likely | Critical | 8.1 | 7.1 |
| Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | CVE-2022-41044 | No | No | - | - | Critical | 8.1 | 7.1 |
| Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | CVE-2022-41088 | No | No | Less Likely | Less Likely | Critical | 8.1 | 7.1 |
| Windows Print Spooler Elevation of Privilege Vulnerability | CVE-2022-41073 | No | Yes | - | - | Important | 7.8 | 6.8 |
| Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability | CVE-2022-41054 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Scripting Languages Remote Code Execution Vulnerability | CVE-2022-41128 | No | Yes | - | - | Critical | 8.8 | 8.2 |
| Windows Scripting Languages Remote Code Execution Vulnerability | CVE-2022-41118 | No | No | More Likely | More Likely | Critical | 7.5 | 6.5 |
| Windows Subsystem for Linux (WSL2) Kernel Elevation of Privilege Vulnerability | CVE-2022-38014 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.1 |
| Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability | CVE-2022-41113 | No | No | - | - | Important | 7.8 | 6.8 |
| Windows Win32k Elevation of Privilege Vulnerability | CVE-2022-41092 | No | No | More Likely | More Likely | Important | 7.8 | 6.8 |
| Windows Win32k Elevation of Privilege Vulnerability | CVE-2022-41109 | No | No | Less Likely | More Likely | Important | 7.8 | 6.8 |
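
One way to turn the rows of the table above into a patch-priority list, as an added example that is not part of the original diary. The function names `parse_rows` and `triage` and the ordering rule inside `triage` are assumptions made for this sketch, not Microsoft's or the author's method.

```python
import re

# Rows copied from this diary's table; the last one is re-typed pipe-separated
# to show that layout parses as well.
ROWS = """\
AMD: CVE-2022-23824 IBPB and Return Address Predictor Interactions
CVE-2022-23824 No No Less Likely Less Likely Important
CVE-2022-41080 No No - - Critical 8.8 7.7
CVE-2022-37967 No No Less Likely More Likely Critical 7.2 6.3
Windows Mark of the Web Security Feature Bypass Vulnerability
CVE-2022-41091 Yes Yes More Likely Detected Important 5.4 4.7
CVE-2022-41049 No No More Likely More Likely Important 5.4 5.0
CVE-2022-41128 No Yes - - Critical 8.8 8.2
| Microsoft Windows Sysmon Elevation of Privilege Vulnerability | CVE-2022-41120 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
"""

RATING = r"(More Likely|Less Likely|Unlikely|Detected|-)"
ROW_RE = re.compile(
    r"\b(CVE-\d{4}-\d+|ADV\d+) (Yes|No) (Yes|No) " + RATING + " " + RATING
    + r" (Critical|Important|Moderate|Low|-)(?: (\d+\.\d) (\d+\.\d))?")

def parse_rows(text):
    """Return one dict per CVE row; description-only lines are skipped."""
    rows = []
    for line in text.splitlines():
        flat = " ".join(line.replace("|", " ").split())  # pipes and padding -> single spaces
        m = ROW_RE.search(flat)  # search: a description may itself contain a CVE id
        if m:
            cve, disclosed, exploited, old, cur, sev, base, _temporal = m.groups()
            rows.append({"cve": cve, "disclosed": disclosed == "Yes",
                         "exploited": exploited == "Yes", "old": old, "current": cur,
                         "severity": sev, "cvss": float(base) if base else None})
    return rows

def triage(rows):
    """Assumed ordering (not the diary's): exploited, publicly disclosed, rated
    'More Likely'/'Detected' on either version, Critical, then CVSS base score."""
    def key(r):
        likely = bool({r["old"], r["current"]} & {"More Likely", "Detected"})
        return (r["exploited"], r["disclosed"], likely,
                r["severity"] == "Critical", r["cvss"] or 0.0)
    return sorted(rows, key=key, reverse=True)

if __name__ == "__main__":
    for r in triage(parse_rows(ROWS)):
        print(r["cve"], r["severity"], r["cvss"], "EXPLOITED" if r["exploited"] else "")
```

A `-` in an exploitability column means the table carries no rating, not that the risk is low: CVE-2022-41080 shows `-` in both columns while the advisory marks it “Exploitation More Likely”, so unrated Critical entries need a manual look before they are ranked down.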

 

--
Renato Marinho
Morphus Labs | LinkedIn | Twitter
