Microsoft has released the November 2022 Patch Tuesday and it fixes 68 vulnerabilities as well as 6 actively exploited zero-day flaws! It’s time to take stock!
Out of this total of 68 vulnerabilities, 11 are considered critical and they can correspond to different types: elevation of privileges, remote code execution, etc… Here is the list of the 11 critical vulnerabilities:
The products mentioned above are not the only ones affected by this Patch Tuesday. Indeed, Microsoft has also corrected security flaws in the Linux kernel used by WSL2, Microsoft Dynamics, Office, Excel, SharePoint, Word, NPS (Radius), Visual Studio, Windows ALPC, BitLocker, the client Group Policy Preference Windows, the Netlogon service, the ODBC driver, Windows MOTW, or the ReFS file system.
Microsoft Exchange: a fix for ProxyNotShell
On the occasion of the release of this Patch Tuesday, Microsoft has released a new security patch for Microsoft Exchange Server to correct security flaws dubbed ProxyNotShell. To be more precise, these are the following two security flaws: CVE-2022-41040 et CVE-2022-41082.
This patch was expected since we have been talking about these vulnerabilities since the end of September! Microsoft fixed ProxyNotShell in the security update KB5019758 pour Microsoft Exchange Server 2019, 2016 et 2013.
Six actively exploited zero-day security vulnerabilities!
This Patch Tuesday is also an opportunity for Microsoft to patch 6 zero-day security vulnerabilities ! Okay, there are two that match the ProxyNotShell vulnerabilities mentioned below, but for the others here is a bit more information.
Discovered by Clément Lecigne and Benoit Sevens from Google Threat Analysis, this vulnerability is associated with a CVSS score of 8.8 out of 10. Located in “Windows Scripting Languages“, which probably corresponds to the scripting engine of Windows, this security flaw affects all versions of Windows.
To exploit this vulnerability, the attacker must convince their intended victim to visit a malicious website or a specific share. For this, we can imagine different methods, including a phishing campaign. Therefore, this vulnerability allows remote code execution.
Discovered by Will Dormann, this vulnerability allowsbypass Windows “Mark of the Web” feature. As a reminder, this feature makes it possible to stamp a file coming from the Internet, which allows certain programs to treat these files differently, because they are potentially dangerous.
For example, this is the case with Microsoft Office with protected mode, so being able to bypass this protection with a specially designed document is not trivial. For his part, Will Dormann gave a demonstration based on a ZIP archive.
This security flaw located in the Windows Print Spooler is exploited locally and allows an attacker to obtain SYSTEM privileges if he succeeds in his attack. All versions of Windows are affected.
This vulnerability also makes it possible to obtain SYSTEM rights and it also affects all versions of Windows. The service impacted by this security flaw is linked to the Windows LSA process.
See you a little later for Windows 10 and Windows 11 updates!
Logiciel – OS,Sécurité,Microsoft,Patch Tuesday,
#Patch #Tuesday #November #vulnerabilities #fixed