
Microsoft November 2022 Patch Tuesday fixes 6 exploited zero-days, 68 flaws

Today is Microsoft’s November 2022 Patch Tuesday, and with it come fixes for six actively exploited Windows vulnerabilities and a total of 68 flaws.

Eleven of the 68 vulnerabilities fixed in today’s update are classified as ‘Critical’ as they allow privilege elevation, spoofing, or remote code execution, one of the most severe types of vulnerabilities.

The number of bugs in each vulnerability category is listed below:

27 Elevation of Privilege Vulnerabilities
4 Security Feature Bypass Vulnerabilities
16 Remote Code Execution Vulnerabilities
11 Information Disclosure Vulnerabilities
6 Denial of Service Vulnerabilities
3 Spoofing Vulnerabilities

The above counts do not include two OpenSSL vulnerabilities disclosed on November 2nd.

Six actively exploited zero-days fixed

This month’s Patch Tuesday fixes six actively exploited zero-day vulnerabilities, with one being publicly disclosed.

Microsoft classifies a vulnerability as a zero-day if it is publicly disclosed or actively exploited with no official fix available.

The six actively exploited zero-day vulnerabilities fixed in today’s updates are:

CVE-2022-41128 – Windows Scripting Languages Remote Code Execution Vulnerability discovered by Clément Lecigne of Google’s Threat Analysis Group

“This vulnerability requires that a user with an affected version of Windows access a malicious server. An attacker would have to host a specially crafted server share or website. An attacker would have no way to force users to visit this specially crafted server share or website, but would have to convince them to visit the server share or website, typically by way of an enticement in an email or chat message.”

CVE-2022-41091 – Windows Mark of the Web Security Feature Bypass Vulnerability discovered by Will Dormann.

“An attacker can craft a malicious file that would evade Mark of the Web (MOTW) defenses, resulting in a limited loss of integrity and availability of security features such as Protected View in Microsoft Office, which rely on MOTW tagging.”

This security update fixes two Mark of the Web bypasses discovered by Dormann, who demonstrated how a specially crafted Zip file can be created to bypass the Windows security feature.

Today, Dormann provided more details on how to create the Zip file and exploit this vulnerability, which is simply to create a ZIP archive containing a read-only file.

CVE-2022-41073 – Windows Print Spooler Elevation of Privilege Vulnerability discovered by Microsoft Threat Intelligence Center (MSTIC).

“An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.”

CVE-2022-41125 – Windows CNG Key Isolation Service Elevation of Privilege Vulnerability discovered by Microsoft Threat Intelligence Center (MSTIC) and Microsoft Security Response Center (MSRC).

“An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.”

CVE-2022-41040 – Microsoft Exchange Server Elevation of Privilege Vulnerability discovered by GTSC and disclosed through the Zero Day Initiative.

“The privileges acquired by the attacker would be the ability to run PowerShell in the context of the system.”

CVE-2022-41082 – Microsoft Exchange Server Remote Code Execution Vulnerability discovered by GTSC and disclosed through the Zero Day Initiative.

“The attacker for this vulnerability could target the server accounts in an arbitrary or remote code execution. As an authenticated user, the attacker could attempt to trigger malicious code in the context of the server’s account through a network call.”

More information about the above Microsoft Exchange vulnerabilities can be found in the next section.

Microsoft Exchange ProxyNotShell zero-days fixed

Microsoft has released security updates for two actively exploited zero-day vulnerabilities tracked as CVE-2022-41040 and CVE-2022-41082, also dubbed ProxyNotShell.

These vulnerabilities were disclosed in late September by Vietnamese cybersecurity firm GTSC, who first spotted the flaws used in attacks.

The vulnerabilities were reported to Microsoft through the Zero Day Initiative program.

Today, Microsoft has fixed the ProxyNotShell vulnerabilities in the KB5019758 security update for Microsoft Exchange Server 2019, 2016, and 2013.

Recent updates from other companies

Other vendors who released updates in November 2022 include:

The November 2022 Patch Tuesday Security Updates

Below is the complete list of resolved vulnerabilities and released advisories in the November 2022 Patch Tuesday updates. To access the full description of each vulnerability and the systems that it affects, you can view the full report here.

| Tag | CVE ID | CVE Title | Severity |
|---|---|---|---|
| .NET Framework | CVE-2022-41064 | .NET Framework Information Disclosure Vulnerability | Important |
| AMD CPU Branch | CVE-2022-23824 | AMD: CVE-2022-23824 IBPB and Return Address Predictor Interactions | Important |
| Azure | CVE-2022-39327 | GitHub: CVE-2022-39327 Improper Control of Generation of Code (‘Code Injection’) in Azure CLI | Critical |
| Azure | CVE-2022-41085 | Azure CycleCloud Elevation of Privilege Vulnerability | Important |
| Azure Real Time Operating System | CVE-2022-41051 | Azure RTOS GUIX Studio Remote Code Execution Vulnerability | Important |
| Linux Kernel | CVE-2022-38014 | Windows Subsystem for Linux (WSL2) Kernel Elevation of Privilege Vulnerability | Important |
| Microsoft Dynamics | CVE-2022-41066 | Microsoft Business Central Information Disclosure Vulnerability | Important |
| Microsoft Exchange Server | CVE-2022-41040 | Microsoft Exchange Information Disclosure Vulnerability | Critical |
| Microsoft Exchange Server | CVE-2022-41082 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Important |
| Microsoft Exchange Server | CVE-2022-41078 | Microsoft Exchange Server Spoofing Vulnerability | Important |
| Microsoft Exchange Server | CVE-2022-41080 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Critical |
| Microsoft Exchange Server | CVE-2022-41079 | Microsoft Exchange Server Spoofing Vulnerability | Important |
| Microsoft Exchange Server | CVE-2022-41123 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Important |
| Microsoft Graphics Component | CVE-2022-41113 | Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability | Important |
| Microsoft Graphics Component | CVE-2022-41052 | Windows Graphics Component Remote Code Execution Vulnerability | Important |
| Microsoft Office | ADV220003 | Microsoft Defense in Depth Update | Important |
| Microsoft Office | CVE-2022-41105 | Microsoft Excel Information Disclosure Vulnerability | Important |
| Microsoft Office | CVE-2022-41107 | Microsoft Office Graphics Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2022-41104 | Microsoft Excel Security Feature Bypass Vulnerability | Important |
| Microsoft Office Excel | CVE-2022-41063 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2022-41106 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2022-41122 | Microsoft SharePoint Server Spoofing Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2022-41062 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important |
| Microsoft Office Word | CVE-2022-41103 | Microsoft Word Information Disclosure Vulnerability | Important |
| Microsoft Office Word | CVE-2022-41061 | Microsoft Word Remote Code Execution Vulnerability | Important |
| Microsoft Office Word | CVE-2022-41060 | Microsoft Word Information Disclosure Vulnerability | Important |
| Network Policy Server (NPS) | CVE-2022-41056 | Network Policy Server (NPS) RADIUS Protocol Denial of Service Vulnerability | Important |
| Network Policy Server (NPS) | CVE-2022-41097 | Network Policy Server (NPS) RADIUS Protocol Information Disclosure Vulnerability | Important |
| Open Source Software | CVE-2022-3786 | OpenSSL: CVE-2022-3786 X.509 certificate verification buffer overrun | Unknown |
| Open Source Software | CVE-2022-3602 | OpenSSL: CVE-2022-3602 X.509 certificate verification buffer overrun | Unknown |
| Role: Windows Hyper-V | CVE-2022-38015 | Windows Hyper-V Denial of Service Vulnerability | Critical |
| SysInternals | CVE-2022-41120 | Microsoft Windows Sysmon Elevation of Privilege Vulnerability | Important |
| Visual Studio | CVE-2022-39253 | GitHub: CVE-2022-39253 Local clone optimization dereferences symbolic links by default | Important |
| Visual Studio | CVE-2022-41119 | Visual Studio Remote Code Execution Vulnerability | Important |
| Windows Advanced Local Procedure Call | CVE-2022-41093 | Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability | Important |
| Windows ALPC | CVE-2022-41045 | Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability | Important |
| Windows ALPC | CVE-2022-41100 | Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability | Important |
| Windows Bind Filter Driver | CVE-2022-41114 | Windows Bind Filter Driver Elevation of Privilege Vulnerability | Important |
| Windows BitLocker | CVE-2022-41099 | BitLocker Security Feature Bypass Vulnerability | Important |
| Windows CNG Key Isolation Service | CVE-2022-41125 | Windows CNG Key Isolation Service Elevation of Privilege Vulnerability | Important |
| Windows Devices Human Interface | CVE-2022-41055 | Windows Human Interface Device Information Disclosure Vulnerability | Important |
| Windows Digital Media | CVE-2022-41095 | Windows Digital Media Receiver Elevation of Privilege Vulnerability | Important |
| Windows DWM Core Library | CVE-2022-41096 | Microsoft DWM Core Library Elevation of Privilege Vulnerability | Important |
| Windows Extensible File Allocation | CVE-2022-41050 | Windows Extensible File Allocation Table Elevation of Privilege Vulnerability | Important |
| Windows Group Policy Preference Client | CVE-2022-37992 | Windows Group Policy Elevation of Privilege Vulnerability | Important |
| Windows Group Policy Preference Client | CVE-2022-41086 | Windows Group Policy Elevation of Privilege Vulnerability | Important |
| Windows HTTP.sys | CVE-2022-41057 | Windows HTTP.sys Elevation of Privilege Vulnerability | Important |
| Windows Kerberos | CVE-2022-37967 | Windows Kerberos Elevation of Privilege Vulnerability | Critical |
| Windows Kerberos | CVE-2022-41053 | Windows Kerberos Denial of Service Vulnerability | Important |
| Windows Kerberos | CVE-2022-37966 | Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability | Critical |
| Windows Mark of the Web (MOTW) | CVE-2022-41049 | Windows Mark of the Web Security Feature Bypass Vulnerability | Important |
| Windows Mark of the Web (MOTW) | CVE-2022-41091 | Windows Mark of the Web Security Feature Bypass Vulnerability | Important |
| Windows Netlogon | CVE-2022-38023 | Netlogon RPC Elevation of Privilege Vulnerability | Important |
| Windows Network Address Translation (NAT) | CVE-2022-41058 | Windows Network Address Translation (NAT) Denial of Service Vulnerability | Important |
| Windows ODBC Driver | CVE-2022-41047 | Microsoft ODBC Driver Remote Code Execution Vulnerability | Important |
| Windows ODBC Driver | CVE-2022-41048 | Microsoft ODBC Driver Remote Code Execution Vulnerability | Important |
| Windows Overlay Filter | CVE-2022-41101 | Windows Overlay Filter Elevation of Privilege Vulnerability | Important |
| Windows Overlay Filter | CVE-2022-41102 | Windows Overlay Filter Elevation of Privilege Vulnerability | Important |
| Windows Point-to-Point Tunneling Protocol | CVE-2022-41044 | Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | Critical |
| Windows Point-to-Point Tunneling Protocol | CVE-2022-41116 | Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerability | Important |
| Windows Point-to-Point Tunneling Protocol | CVE-2022-41090 | Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerability | Important |
| Windows Point-to-Point Tunneling Protocol | CVE-2022-41039 | Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | Critical |
| Windows Point-to-Point Tunneling Protocol | CVE-2022-41088 | Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | Critical |
| Windows Print Spooler Components | CVE-2022-41073 | Windows Print Spooler Elevation of Privilege Vulnerability | Important |
| Windows Resilient File System (ReFS) | CVE-2022-41054 | Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability | Important |
| Windows Scripting | CVE-2022-41118 | Windows Scripting Languages Remote Code Execution Vulnerability | Critical |
| Windows Scripting | CVE-2022-41128 | Windows Scripting Languages Remote Code Execution Vulnerability | Critical |
| Windows Win32K | CVE-2022-41092 | Windows Win32k Elevation of Privilege Vulnerability | Important |
| Windows Win32K | CVE-2022-41109 | Windows Win32k Elevation of Privilege Vulnerability | Important |
| Windows Win32K | CVE-2022-41098 | Windows GDI+ Information Disclosure Vulnerability | Important |
