Microsoft released its November patch notes, fixing six vulnerabilities that are under active exploitation and patching a total of 68 flaws. Microsoft provided limited information about the exploitation efforts against these vulnerabilities. The security flaws affect Microsoft Windows, Microsoft Azure, Microsoft Exchange Server and Microsoft Office, among others; some of these flaws have been targeted by malicious hackers for months.
Can you give me more details on the vulnerabilities?
The six actively exploited zero-day vulnerabilities fixed in today’s updates are:
- CVE-2022-41128 – A Windows Scripting Languages Remote Code Execution vulnerability, which requires a user with an affected version of Windows to access a malicious server. An attacker would have to host a specially crafted server share or website. The attacker would have no way to force users to visit it, and would instead have to convince them to do so, typically by way of an enticement in an email or chat message.
- CVE-2022-41091 – A Windows Mark of the Web Security Feature Bypass vulnerability that could allow an attacker to craft a malicious file with the ability to evade Mark of the Web (MOTW) defenses, resulting in a limited loss of integrity and availability of security features such as Protected View in Microsoft Office (which rely on MOTW tagging).
- CVE-2022-41073 – A Windows Print Spooler Elevation of Privilege vulnerability that could allow an attacker to gain SYSTEM privileges.
- CVE-2022-41125 – A Windows CNG Key Isolation Service Elevation of Privilege vulnerability that could allow an attacker to gain SYSTEM privileges.
- CVE-2022-41040 – A Microsoft Exchange Server Elevation of Privilege vulnerability that could allow an attacker to run PowerShell in the context of the system.
- CVE-2022-41082 – A Microsoft Exchange Server Remote Code Execution vulnerability that could allow an attacker to target the server accounts for arbitrary or remote code execution. As an authenticated user, the attacker could attempt to trigger malicious code in the context of the server’s account through a network call.
The full list of 68 resolved vulnerabilities and released advisories in the November 2022 Patch Tuesday can be found in this report. Of the 68 patched vulnerabilities, 11 are classified as “Critical” since they allow privilege elevation, spoofing or remote code execution.
What is Nuspire doing?
Nuspire applies patches when released in accordance with vendor recommendations.
What should I do?
Apply the Microsoft Patch Tuesday updates as soon as possible to prevent malicious actors from exploiting vulnerabilities, especially since several of the flaws are known to be actively targeted already.