Patch Tuesday

Today is Microsoft's November 2022 Patch Tuesday, and with it come fixes for six actively exploited Windows vulnerabilities and a total of 68 flaws.

Eleven of the 68 vulnerabilities fixed in today's update are classified as 'Critical' as they allow privilege elevation, spoofing, or remote code execution, one of the most severe types of vulnerabilities.

The number of bugs in each vulnerability category is listed below:

  • 27 Elevation of Privilege Vulnerabilities
  • 4 Security Feature Bypass Vulnerabilities
  • 16 Remote Code Execution Vulnerabilities
  • 11 Information Disclosure Vulnerabilities
  • 6 Denial of Service Vulnerabilities
  • 3 Spoofing Vulnerabilities

The above counts do not include two OpenSSL vulnerabilities disclosed on November 2nd.

For information about the non-security Windows updates, you can read today's articles on the Windows 10 KB5019959 and KB5019966 updates and the Windows 11 KB5019980 and KB5019961 updates.

Six actively exploited zero-days fixed

This month's Patch Tuesday fixes six actively exploited zero-day vulnerabilities, with one being publicly disclosed.

Microsoft classifies a vulnerability as a zero-day if it is publicly disclosed or actively exploited with no official fix available.

The six actively exploited zero-day vulnerabilities fixed in today's updates are:

CVE-2022-41128 - Windows Scripting Languages Remote Code Execution Vulnerability discovered by Clément Lecigne of Google’s Threat Analysis Group

"This vulnerability requires that a user with an affected version of Windows access a malicious server. An attacker would have to host a specially crafted server share or website. An attacker would have no way to force users to visit this specially crafted server share or website, but would have to convince them to visit the server share or website, typically by way of an enticement in an email or chat message."

CVE-2022-41091 - Windows Mark of the Web Security Feature Bypass Vulnerability discovered by Will Dormann.

"An attacker can craft a malicious file that would evade Mark of the Web (MOTW) defenses, resulting in a limited loss of integrity and availability of security features such as Protected View in Microsoft Office, which rely on MOTW tagging."

This security update fixes two Mark of the Web bypasses discovered by Dormann, who demonstrated how a specially crafted Zip file can be created to bypass the Windows security feature.

Today, Dormann provided more details on how to create the Zip file and exploit this vulnerability, which is simply to create a ZIP archive containing a read-only file.

CVE-2022-41073 - Windows Print Spooler Elevation of Privilege Vulnerability discovered by Microsoft Threat Intelligence Center (MSTIC).

"An attacker who successfully exploited this vulnerability could gain SYSTEM privileges."

CVE-2022-41125 - Windows CNG Key Isolation Service Elevation of Privilege Vulnerability discovered by Microsoft Threat Intelligence Center (MSTIC) and Microsoft Security Response Center (MSRC).

"An attacker who successfully exploited this vulnerability could gain SYSTEM privileges."

CVE-2022-41040 - Microsoft Exchange Server Elevation of Privilege Vulnerability discovered by GTSC and disclosed through the Zero Day Initiative.

"The privileges acquired by the attacker would be the ability to run PowerShell in the context of the system."

CVE-2022-41082 - Microsoft Exchange Server Remote Code Execution Vulnerability discovered by GTSC and disclosed through the Zero Day Initiative.

"The attacker for this vulnerability could target the server accounts in an arbitrary or remote code execution. As an authenticated user, the attacker could attempt to trigger malicious code in the context of the server's account through a network call."

More information about the above Microsoft Exchange vulnerabilities can be found in the next section.
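For hosts that have not yet received the CVE-2022-41091 fix, inbound ZIP archives can be triaged for the read-only trait described above before users open them. The following is an added example, not code from the article, Microsoft, or Dormann: the function names and sample archive are constructed here, and flagging Unix-made entries that have no write bits is an assumption made to keep the check conservative.

```python
import io
import zipfile

DOS_READONLY = 0x01   # FILE_ATTRIBUTE_READONLY, low byte of external_attr
UNIX = 3              # "version made by" host system code for Unix


def readonly_entries(zip_bytes):
    """Return (name, reason) for each file entry stored as read-only."""
    flagged = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            if info.external_attr & DOS_READONLY:
                flagged.append((info.filename, "dos-readonly"))
                continue
            mode = info.external_attr >> 16
            # Assumption: also flag Unix-made entries whose mode has no write bit.
            if info.create_system == UNIX and mode and not mode & 0o222:
                flagged.append((info.filename, "unix-no-write"))
    return flagged


def build_sample_zip():
    """Constructed in-memory archive with harmless text entries for the demo."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("notes.txt", "constructed sample")   # default mode 0o600
        ro = zipfile.ZipInfo("report.txt")
        ro.create_system = 0                              # FAT/DOS attributes
        ro.external_attr = DOS_READONLY
        zf.writestr(ro, "constructed sample")
        ux = zipfile.ZipInfo("unix.txt")
        ux.create_system = UNIX
        ux.external_attr = 0o100444 << 16                 # -r--r--r--
        zf.writestr(ux, "constructed sample")
    return buf.getvalue()


if __name__ == "__main__":
    for name, reason in readonly_entries(build_sample_zip()):
        print(f"{name}: {reason}")
```

A read-only entry is common in legitimate archives, so a hit is a reason to hold the attachment for review on unpatched systems, not proof of malice.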

Microsoft Exchange ProxyNotShell zero-days fixed

Microsoft has released security updates for two actively exploited zero-day vulnerabilities tracked as CVE-2022-41040 and CVE-2022-41082, also dubbed ProxyNotShell.

These vulnerabilities were disclosed in late September by Vietnamese cybersecurity firm GTSC, who first spotted the flaws used in attacks.

The vulnerabilities were reported to Microsoft through the Zero Day Initiative program.

Today, Microsoft has fixed the ProxyNotShell vulnerabilities in the KB5019758 security update for Microsoft Exchange Server 2019, 2016, and 2013.

Recent updates from other companies

Other vendors who released updates in November 2022 include:

The November 2022 Patch Tuesday Security Updates

Below is the complete list of resolved vulnerabilities and released advisories in the November 2022 Patch Tuesday updates. To access the full description of each vulnerability and the systems that it affects, you can view the full report here.

| Tag | CVE ID | CVE Title | Severity |
| --- | --- | --- | --- |
| .NET Framework | CVE-2022-41064 | .NET Framework Information Disclosure Vulnerability | Important |
| AMD CPU Branch | CVE-2022-23824 | AMD: CVE-2022-23824 IBPB and Return Address Predictor Interactions | Important |
| Azure | CVE-2022-39327 | GitHub: CVE-2022-39327 Improper Control of Generation of Code ('Code Injection') in Azure CLI | Critical |
| Azure | CVE-2022-41085 | Azure CycleCloud Elevation of Privilege Vulnerability | Important |
| Azure Real Time Operating System | CVE-2022-41051 | Azure RTOS GUIX Studio Remote Code Execution Vulnerability | Important |
| Linux Kernel | CVE-2022-38014 | Windows Subsystem for Linux (WSL2) Kernel Elevation of Privilege Vulnerability | Important |
| Microsoft Dynamics | CVE-2022-41066 | Microsoft Business Central Information Disclosure Vulnerability | Important |
| Microsoft Exchange Server | CVE-2022-41040 | Microsoft Exchange Information Disclosure Vulnerability | Critical |
| Microsoft Exchange Server | CVE-2022-41082 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Important |
| Microsoft Exchange Server | CVE-2022-41078 | Microsoft Exchange Server Spoofing Vulnerability | Important |
| Microsoft Exchange Server | CVE-2022-41080 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Critical |
| Microsoft Exchange Server | CVE-2022-41079 | Microsoft Exchange Server Spoofing Vulnerability | Important |
| Microsoft Exchange Server | CVE-2022-41123 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Important |
| Microsoft Graphics Component | CVE-2022-41113 | Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability | Important |
| Microsoft Graphics Component | CVE-2022-41052 | Windows Graphics Component Remote Code Execution Vulnerability | Important |
| Microsoft Office | ADV220003 | Microsoft Defense in Depth Update | Important |
| Microsoft Office | CVE-2022-41105 | Microsoft Excel Information Disclosure Vulnerability | Important |
| Microsoft Office | CVE-2022-41107 | Microsoft Office Graphics Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2022-41104 | Microsoft Excel Security Feature Bypass Vulnerability | Important |
| Microsoft Office Excel | CVE-2022-41063 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2022-41106 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2022-41122 | Microsoft SharePoint Server Spoofing Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2022-41062 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important |
| Microsoft Office Word | CVE-2022-41103 | Microsoft Word Information Disclosure Vulnerability | Important |
| Microsoft Office Word | CVE-2022-41061 | Microsoft Word Remote Code Execution Vulnerability | Important |
| Microsoft Office Word | CVE-2022-41060 | Microsoft Word Information Disclosure Vulnerability | Important |
| Network Policy Server (NPS) | CVE-2022-41056 | Network Policy Server (NPS) RADIUS Protocol Denial of Service Vulnerability | Important |
| Network Policy Server (NPS) | CVE-2022-41097 | Network Policy Server (NPS) RADIUS Protocol Information Disclosure Vulnerability | Important |
| Open Source Software | CVE-2022-3786 | OpenSSL: CVE-2022-3786 X.509 certificate verification buffer overrun | Unknown |
| Open Source Software | CVE-2022-3602 | OpenSSL: CVE-2022-3602 X.509 certificate verification buffer overrun | Unknown |
| Role: Windows Hyper-V | CVE-2022-38015 | Windows Hyper-V Denial of Service Vulnerability | Critical |
| SysInternals | CVE-2022-41120 | Microsoft Windows Sysmon Elevation of Privilege Vulnerability | Important |
| Visual Studio | CVE-2022-39253 | GitHub: CVE-2022-39253 Local clone optimization dereferences symbolic links by default | Important |
| Visual Studio | CVE-2022-41119 | Visual Studio Remote Code Execution Vulnerability | Important |
| Windows Advanced Local Procedure Call | CVE-2022-41093 | Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability | Important |
| Windows ALPC | CVE-2022-41045 | Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability | Important |
| Windows ALPC | CVE-2022-41100 | Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability | Important |
| Windows Bind Filter Driver | CVE-2022-41114 | Windows Bind Filter Driver Elevation of Privilege Vulnerability | Important |
| Windows BitLocker | CVE-2022-41099 | BitLocker Security Feature Bypass Vulnerability | Important |
| Windows CNG Key Isolation Service | CVE-2022-41125 | Windows CNG Key Isolation Service Elevation of Privilege Vulnerability | Important |
| Windows Devices Human Interface | CVE-2022-41055 | Windows Human Interface Device Information Disclosure Vulnerability | Important |
| Windows Digital Media | CVE-2022-41095 | Windows Digital Media Receiver Elevation of Privilege Vulnerability | Important |
| Windows DWM Core Library | CVE-2022-41096 | Microsoft DWM Core Library Elevation of Privilege Vulnerability | Important |
| Windows Extensible File Allocation | CVE-2022-41050 | Windows Extensible File Allocation Table Elevation of Privilege Vulnerability | Important |
| Windows Group Policy Preference Client | CVE-2022-37992 | Windows Group Policy Elevation of Privilege Vulnerability | Important |
| Windows Group Policy Preference Client | CVE-2022-41086 | Windows Group Policy Elevation of Privilege Vulnerability | Important |
| Windows HTTP.sys | CVE-2022-41057 | Windows HTTP.sys Elevation of Privilege Vulnerability | Important |
| Windows Kerberos | CVE-2022-37967 | Windows Kerberos Elevation of Privilege Vulnerability | Critical |
| Windows Kerberos | CVE-2022-41053 | Windows Kerberos Denial of Service Vulnerability | Important |
| Windows Kerberos | CVE-2022-37966 | Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability | Critical |
| Windows Mark of the Web (MOTW) | CVE-2022-41049 | Windows Mark of the Web Security Feature Bypass Vulnerability | Important |
| Windows Mark of the Web (MOTW) | CVE-2022-41091 | Windows Mark of the Web Security Feature Bypass Vulnerability | Important |
| Windows Netlogon | CVE-2022-38023 | Netlogon RPC Elevation of Privilege Vulnerability | Important |
| Windows Network Address Translation (NAT) | CVE-2022-41058 | Windows Network Address Translation (NAT) Denial of Service Vulnerability | Important |
| Windows ODBC Driver | CVE-2022-41047 | Microsoft ODBC Driver Remote Code Execution Vulnerability | Important |
| Windows ODBC Driver | CVE-2022-41048 | Microsoft ODBC Driver Remote Code Execution Vulnerability | Important |
| Windows Overlay Filter | CVE-2022-41101 | Windows Overlay Filter Elevation of Privilege Vulnerability | Important |
| Windows Overlay Filter | CVE-2022-41102 | Windows Overlay Filter Elevation of Privilege Vulnerability | Important |
| Windows Point-to-Point Tunneling Protocol | CVE-2022-41044 | Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | Critical |
| Windows Point-to-Point Tunneling Protocol | CVE-2022-41116 | Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerability | Important |
| Windows Point-to-Point Tunneling Protocol | CVE-2022-41090 | Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerability | Important |
| Windows Point-to-Point Tunneling Protocol | CVE-2022-41039 | Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | Critical |
| Windows Point-to-Point Tunneling Protocol | CVE-2022-41088 | Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | Critical |
| Windows Print Spooler Components | CVE-2022-41073 | Windows Print Spooler Elevation of Privilege Vulnerability | Important |
| Windows Resilient File System (ReFS) | CVE-2022-41054 | Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability | Important |
| Windows Scripting | CVE-2022-41118 | Windows Scripting Languages Remote Code Execution Vulnerability | Critical |
| Windows Scripting | CVE-2022-41128 | Windows Scripting Languages Remote Code Execution Vulnerability | Critical |
| Windows Win32K | CVE-2022-41092 | Windows Win32k Elevation of Privilege Vulnerability | Important |
| Windows Win32K | CVE-2022-41109 | Windows Win32k Elevation of Privilege Vulnerability | Important |
| Windows Win32K | CVE-2022-41098 | Windows GDI+ Information Disclosure Vulnerability | Important |
