Microsoft released a security update under the November Patch Tuesday with the fixes of 68 security vulnerabilities including 6 actively exploited zero-days that affect several Microsoft products.
In this list of Vulnerabilities, 12 Vulnerabilities were marked as “Critical”, 2 were listed under “High” and the rest of the 55 vulnerabilities were fixed as “Important”.
Here the following Microsoft Portifolio products that receives a security updates for its respective bugs:-
- .NET Framework
- AMD CPU Branch
- Azure Real Time Operating System
- Linux Kernel
- Microsoft Dynamics
- Microsoft Exchange Server
- Microsoft Graphics Component
- Microsoft Office
- Microsoft Office Excel
- Microsoft Office SharePoint
- Microsoft Office Word
- Network Policy Server (NPS)
- Open Source Software
- Role: Windows Hyper-V
- Visual Studio
- Windows Advanced Local Procedure Call
- Windows ALPC
- Windows Bind Filter Driver
- Windows BitLocker
- Windows CNG Key Isolation Service
- Windows Devices Human Interface
- Windows Digital Media
- Windows DWM Core Library
- Windows Extensible File Allocation
- Windows Group Policy Preference Client
- Windows HTTP.sys
- Windows Kerberos
- Windows Mark of the Web (MOTW)
- Windows Netlogon
- Windows Network Address Translation (NAT)
- Windows ODBC Driver
- Windows Overlay Filter
- Windows Point-to-Point Tunneling Protocol
- Windows Print Spooler Components
- Windows Resilient File System (ReFS)
- Windows Scripting
- Windows Win32K
Fixed bugs are cantogorized under the following severities:-
- 27 Elevation of Privilege Vulnerabilities
- 16 Remote Code Execution Vulnerabilities
- 11 Information Disclosure Vulnerabilities
- 6 Denial of Service Vulnerabilities
- 4 Security Feature Bypass Vulnerabilities
- 3 Spoofing Vulnerabilities
Microsoft fixed 6 zero-day vulnerabilities in this update that affects various MS products.
CVE-2022-41040 – A Microsoft Exchange Server Elevation of Privilege vunerability that allow attackers to execute a powershell in the Context of the system, discovered and reported by Zero-day initiative Team under GTSC program.
CVE-2022-41128 – Windows Scripting Languages Remote Code Execution Vulnerability that required attackers to host a specially crafted website or server where they trick users to visit from affected version of Windows to exploit and gain access.
CVE-2022-41082 – Microsoft Exchange Server Remote Code Execution Vulnerability let hackers to execute the remote code on the targeted server accounts and the successful gain leads to the attacker could attempt to trigger malicious code with the help of network call.
CVE-2022-41073 – Windows Print Spooler Elevation of Privilege Vulnerability allow attackers to exploit the vulnerability to gaint he system previledges.
CVE-2022-41091 – Windows Mark of the Web Security Feature Bypass Vulnerability allows AN attacker can craft a malicious file that would evade Mark of the Web (MOTW) defenses.
CVE-2022-41125 – Windows CNG Key Isolation Service Elevation of Privilege Vulnerability that uncovered by Microsoft internal security team and the vulnerabilities allow attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Other Vendors Security Updates:
Other vendors who released updates in November 2022 include:
- Apple released Xcode 14.1 with numerous security updates.
- Cisco released security updates for numerous products this month.
- Citrix released security updates for a ‘Critical’ authentication bypass in Citrix ADA and Gateway.
- Google released Android’s November security updates.
- Intel released the November 2022 security updates.
- OpenSSL released security updates for CVE-2022-3602 and CVE-2022-3786.
- SAP has released its November 2022 Patch Day updates.
Microsoft strongly recommended installing these security updates for all windows users to avoid the security risk and protect your Windows.
You can refer to the complete patch details for the full list of vulnerabilities resolved, and advisories, in the November 2022 Patch here.
Azure Active Directory Security – Download Free E-Book