Microsoft’s most recent monthly security updates included remedies for 68 vulnerabilities across its software portfolio, including patches for six actively exploited zero-day vulnerabilities.
Twelve of the issues are classified as Critical, two as High, and 55 as Important. This includes the vulnerabilities that OpenSSL fixed the previous week.
An actively exploited issue in Chromium-based browsers (CVE-2022-3723) was also addressed earlier this month.
“The important news is that two previous zero-day CVEs impacting Exchange Server, which were made public at the end of September, have now been addressed,” Rapid7’s Greg Wiseman explained in a statement shared with The Hacker News.
“Customers are encouraged to quickly update their Exchange Server systems, regardless of whether any previously recommended mitigating measures have been implemented. Once systems have been fixed, the mitigation rules are no longer advised.”
The following is a list of actively exploited vulnerabilities that allow privilege elevation and remote code execution:
- CVE-2022-41040 (CVSS score: 8.8) – Microsoft Exchange Server Elevation of Privilege Vulnerability (aka ProxyNotShell)
- CVE-2022-41082 (CVSS score: 8.8) – Microsoft Exchange Server Elevation of Privilege Vulnerability (aka ProxyNotShell)
- CVE-2022-41128 (CVSS score: 8.8) – Windows Scripting Languages Remote Code Execution Vulnerability
- CVE-2022-41125 (CVSS score: 7.8) – Windows CNG Key Isolation Service Elevation of Privilege Vulnerability
- CVE-2022-41073 (CVSS score: 7.8) – Windows Print Spooler Elevation of Privilege Vulnerability
- CVE-2022-41091 (CVSS score: 5.4) – Windows Mark of the Web Security Feature Bypass Vulnerability
CVE-2022-41128 resides in the javascript library (JScript9) component and happens when a target is misled into visiting a specially designed website.
CVE-2022-41091 is one of two security bypass problems discovered in Windows Mark of the Web (MoTW) in recent months. It was recently uncovered that the Magniber ransomware attacker was using it to target consumers with bogus software upgrades.
According to a Microsoft advisory, “An attacker can develop a malicious file that will bypass Mark of the Web (MotW) safeguards, resulting in loss of integrity and availability of security features like Protected View in the Microsoft Office suite.
See Rhyno Cybersecurity in Action!
CVE-2022-41049 is the second MotW bug to be addressed (aka ZippyReads). It is related to a failure to set a Web flag Mark on extracted archive files, as Analygence security researcher Will Dormann reported.
The two privilege escalation weaknesses in Print Spooler and the CNG Key Isolation Service are exploited by threat actors due to an earlier compromise to gain SYSTEM rights, according to Kev Breen, Immersive Labs’ director of cyber threat research.
Breen noted that this greater degree of access is required to disable security monitoring systems before conducting credential attacks with tools such as Mimikatz, which can allow hackers to move across a network.
Other critical issues in the November patch worth mentioning are privilege elevation flaws in Windows Kerberos (CVE-2022-37967), Kerberos RC4-HMAC (CVE-2022-37966), and Microsoft Exchange Server (CVE-2022-41080), as well as a denial-of-service flaw in Windows Hyper-V. (CVE-2022-38015).
Four RCE vulnerabilities in the Point-to-Point Tunneling Protocol (PPTP), all with CVSS scores of 8.1 (CVE-2022-41039, CVE-2022-41088, and CVE-2022-41044), and another affecting Windows scripting languages JScript9 and Chakra round out the list of Critical vulnerability remedies (CVE-2022-41118).
Aside from these concerns, the Patch Tuesday update fixes a variety of remote code execution flaws in the following apps:
- Microsoft Excel
- Microsoft Word
- ODBC Driver
- Office Graphics
- SharePoint Server
- Visual Studio
Sharing is Caring!
You are welcome to put this blog article on your website, provided you also append an active link to our website “Source: https://resources.rhyno.io”
For media enquiries, contact us at [email protected].
MANAGED CYBERSECURITY SOLUTIONS
Rhyno delivers a range of activities that combine to fully protect your infrastructure and data from cybercriminals, anywhere and everywhere, 24/7/365.
About Rhyno Cybersecurity Services
Rhyno Cybersecurity is a Canadian-based company focusing on 24/7 Managed Detection and Response, Penetration Testing, Enterprise Cloud, and Cybersecurity Solutions for small and midsize businesses.
Our products and services are robust, innovative, and cost-effective. Underpinned by our 24x7x365 Security Operations Centre (SOC), our experts ensure you have access to cybersecurity expertise when you need it the most.