Microsoft November 2022 Patch Tuesday
This month we got patches for 68 vulnerabilities. Of these, 10 are critical, 1 was previously disclosed, and 4 are already being exploited, according to Microsoft.
The previously disclosed (and exploited) vulnerability is a security feature bypass on Windows Mark of the Web (MOTW) (CVE-2022-41091). According to the advisory, an attacker can craft a malicious file that would evade MOTW defenses, resulting in a limited loss of integrity and availability of security features such as Protected View in Microsoft Office, which rely on MOTW tagging. The CVSS for this vulnerability is 5.4.
Another exploited vulnerability is a Remote Code Execution (RCE) on Windows Script Languages (CVE-2022-41128). This vulnerability impacts JScript9 language. To exploit this vulnerability, an attacker would have to convince users to visit a specially crafted server share or website typically through an enticement in an email or chat message. In other words, user interaction is required, but it would not be hard for an attacker to accomplish this kind of interaction which makes this vulnerability worthy of special attention. The CVSS for this vulnerability is 8.8.
Among critical vulnerabilities, there is an elevation of privilege vulnerability affecting the Microsoft Exchange Server (CVE-2022-41080). The CVSS for this vulnerability is the highest for this month: 8.8. The advisory says that this vulnerability is not exploited, but marks it as “Exploitation More Likely”.
Last but not least, there is an important elevation of privilege vulnerability affecting Microsoft Windows Sysmon (CVE-2022-41120) that you should also dedicate special attention to. An attacker who successfully exploited this vulnerability could gain administrator privileges by manipulating information on the Sysinternals services. The CVSS for this vulnerability is 7.8.
See my dashboard for a more detailed breakout: https://patchtuesdaydashboard.com/
November 2022 Security Updates
| Description | |||||||
|---|---|---|---|---|---|---|---|
| CVE | Disclosed | Exploited | Exploitability (old versions) | current version | Severity | CVSS Base (AVG) | CVSS Temporal (AVG) |
| .NET Framework Information Disclosure Vulnerability | |||||||
| CVE-2022-41064 | No | No | Less Likely | Less Likely | Important | 5.8 | 5.1 |
| AMD: CVE-2022-23824 IBPB and Return Address Predictor Interactions | |||||||
| CVE-2022-23824 | No | No | Less Likely | Less Likely | Important | ||
| Azure CycleCloud Elevation of Privilege Vulnerability | |||||||
| CVE-2022-41085 | No | No | - | - | Important | 7.5 | 6.5 |
| Azure RTOS GUIX Studio Remote Code Execution Vulnerability | |||||||
| CVE-2022-41051 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| BitLocker Security Feature Bypass Vulnerability | |||||||
| CVE-2022-41099 | No | No | Less Likely | Less Likely | Important | 4.6 | 4.0 |
| GitHub: CVE-2022-39253 Local clone optimization dereferences symbolic links by default | |||||||
| CVE-2022-39253 | No | No | - | - | Important | ||
| GitHub: CVE-2022-39327 Improper Control of Generation of Code ('Code Injection') in Azure CLI | |||||||
| CVE-2022-39327 | No | No | Less Likely | Less Likely | Critical | ||
| Microsoft Business Central Information Disclosure Vulnerability | |||||||
| CVE-2022-41066 | No | No | - | - | Important | 4.4 | 3.9 |
| Microsoft DWM Core Library Elevation of Privilege Vulnerability | |||||||
| CVE-2022-41096 | No | No | Less Likely | More Likely | Important | 7.8 | 6.8 |
| Microsoft Defense in Depth Update | |||||||
| ADV220003 | No | No | - | - | Important | ||
| Microsoft Excel Information Disclosure Vulnerability | |||||||
| CVE-2022-41105 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
| Microsoft Excel Remote Code Execution Vulnerability | |||||||
| CVE-2022-41106 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| CVE-2022-41063 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Microsoft Excel Security Feature Bypass Vulnerability | |||||||
| CVE-2022-41104 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
| Microsoft Exchange Server Elevation of Privilege Vulnerability | |||||||
| CVE-2022-41123 | No | No | - | - | Important | 7.8 | 6.8 |
| CVE-2022-41080 | No | No | - | - | Critical | 8.8 | 7.7 |
| Microsoft Exchange Server Spoofing Vulnerability | |||||||
| CVE-2022-41078 | No | No | - | - | Important | 8.0 | 7.0 |
| CVE-2022-41079 | No | No | - | - | Important | 8.0 | 7.0 |
| Microsoft ODBC Driver Remote Code Execution Vulnerability | |||||||
| CVE-2022-41047 | No | No | Less Likely | Less Likely | Important | 8.8 | 7.7 |
| CVE-2022-41048 | No | No | Less Likely | Less Likely | Important | 8.8 | 7.7 |
| Microsoft Office Graphics Remote Code Execution Vulnerability | |||||||
| CVE-2022-41107 | No | No | Unlikely | Less Likely | Important | 7.8 | 6.8 |
| Microsoft SharePoint Server Remote Code Execution Vulnerability | |||||||
| CVE-2022-41062 | No | No | Less Likely | Less Likely | Important | 8.8 | 7.7 |
| Microsoft SharePoint Server Spoofing Vulnerability | |||||||
| CVE-2022-41122 | No | No | Less Likely | More Likely | Important | 6.5 | 5.7 |
| Microsoft Windows Sysmon Elevation of Privilege Vulnerability | |||||||
| CVE-2022-41120 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Microsoft Word Information Disclosure Vulnerability | |||||||
| CVE-2022-41060 | No | No | More Likely | Less Likely | Important | 5.5 | 4.8 |
| CVE-2022-41103 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
| Microsoft Word Remote Code Execution Vulnerability | |||||||
| CVE-2022-41061 | No | No | Unlikely | Less Likely | Important | 7.8 | 6.8 |
| Netlogon RPC Elevation of Privilege Vulnerability | |||||||
| CVE-2022-38023 | No | No | - | - | Important | 8.1 | 7.1 |
| Network Policy Server (NPS) RADIUS Protocol Denial of Service Vulnerability | |||||||
| CVE-2022-41056 | No | No | Less Likely | Less Likely | Important | 7.5 | 6.5 |
| Network Policy Server (NPS) RADIUS Protocol Information Disclosure Vulnerability | |||||||
| CVE-2022-41097 | No | No | Less Likely | Less Likely | Important | 6.5 | 5.7 |
| OpenSSL: CVE-2022-3602 X.509 certificate verification buffer overrun | |||||||
| CVE-2022-3602 | No | No | - | - | - | ||
| OpenSSL: CVE-2022-3786 X.509 certificate verification buffer overrun | |||||||
| CVE-2022-3786 | No | No | - | - | - | ||
| Visual Studio Remote Code Execution Vulnerability | |||||||
| CVE-2022-41119 | No | No | More Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability | |||||||
| CVE-2022-41100 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| CVE-2022-41045 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| CVE-2022-41093 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Bind Filter Driver Elevation of Privilege Vulnerability | |||||||
| CVE-2022-41114 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.1 |
| Windows CNG Key Isolation Service Elevation of Privilege Vulnerability | |||||||
| CVE-2022-41125 | No | Yes | - | - | Important | 7.8 | 6.8 |
| Windows Digital Media Receiver Elevation of Privilege Vulnerability | |||||||
| CVE-2022-41095 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Extensible File Allocation Table Elevation of Privilege Vulnerability | |||||||
| CVE-2022-41050 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows GDI+ Information Disclosure Vulnerability | |||||||
| CVE-2022-41098 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
| Windows Graphics Component Remote Code Execution Vulnerability | |||||||
| CVE-2022-41052 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Group Policy Elevation of Privilege Vulnerability | |||||||
| CVE-2022-37992 | No | No | Unlikely | Less Likely | Important | 7.8 | 6.8 |
| CVE-2022-41086 | No | No | More Likely | Less Likely | Important | 6.4 | 5.6 |
| Windows HTTP.sys Elevation of Privilege Vulnerability | |||||||
| CVE-2022-41057 | No | No | Less Likely | More Likely | Important | 7.8 | 6.8 |
| Windows Human Interface Device Information Disclosure Vulnerability | |||||||
| CVE-2022-41055 | No | No | More Likely | More Likely | Important | 5.5 | 4.8 |
| Windows Hyper-V Denial of Service Vulnerability | |||||||
| CVE-2022-38015 | No | No | Less Likely | Less Likely | Critical | 6.5 | 5.7 |
| Windows Kerberos Denial of Service Vulnerability | |||||||
| CVE-2022-41053 | No | No | Less Likely | Less Likely | Important | 7.5 | 6.5 |
| Windows Kerberos Elevation of Privilege Vulnerability | |||||||
| CVE-2022-37967 | No | No | Less Likely | More Likely | Critical | 7.2 | 6.3 |
| Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability | |||||||
| CVE-2022-37966 | No | No | - | - | Critical | 8.1 | 7.1 |
| Windows Mark of the Web Security Feature Bypass Vulnerability | |||||||
| CVE-2022-41091 | Yes | Yes | More Likely | Detected | Important | 5.4 | 4.7 |
| CVE-2022-41049 | No | No | More Likely | More Likely | Important | 5.4 | 5.0 |
| Windows Network Address Translation (NAT) Denial of Service Vulnerability | |||||||
| CVE-2022-41058 | No | No | More Likely | More Likely | Important | 7.5 | 6.5 |
| Windows Overlay Filter Elevation of Privilege Vulnerability | |||||||
| CVE-2022-41101 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| CVE-2022-41102 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerability | |||||||
| CVE-2022-41090 | No | No | More Likely | More Likely | Important | 5.9 | 5.2 |
| CVE-2022-41116 | No | No | - | - | Important | 5.9 | 5.2 |
| Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | |||||||
| CVE-2022-41039 | No | No | Unlikely | Less Likely | Critical | 8.1 | 7.1 |
| CVE-2022-41044 | No | No | - | - | Critical | 8.1 | 7.1 |
| CVE-2022-41088 | No | No | Less Likely | Less Likely | Critical | 8.1 | 7.1 |
| Windows Print Spooler Elevation of Privilege Vulnerability | |||||||
| CVE-2022-41073 | No | Yes | - | - | Important | 7.8 | 6.8 |
| Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability | |||||||
| CVE-2022-41054 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Scripting Languages Remote Code Execution Vulnerability | |||||||
| CVE-2022-41128 | No | Yes | - | - | Critical | 8.8 | 8.2 |
| CVE-2022-41118 | No | No | More Likely | More Likely | Critical | 7.5 | 6.5 |
| Windows Subsystem for Linux (WSL2) Kernel Elevation of Privilege Vulnerability | |||||||
| CVE-2022-38014 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.1 |
| Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability | |||||||
| CVE-2022-41113 | No | No | - | - | Important | 7.8 | 6.8 |
| Windows Win32k Elevation of Privilege Vulnerability | |||||||
| CVE-2022-41092 | No | No | More Likely | More Likely | Important | 7.8 | 6.8 |
| CVE-2022-41109 | No | No | Less Likely | More Likely | Important | 7.8 | 6.8 |
--
Renato Marinho
Morphus Labs| LinkedIn|Twitter
Comments