Microsoft October 2022 Patch Tuesday Fix Day Zero


Microsoft released in October 2022 Update Tuesday patch To fix multiple security vulnerabilities discovered in their products.

Two of the 84 bugs fixed this month are zero days, one of which was actively exploited in attacks. The second was publicly disclosed but not actively used in attacks.

Thirteen vulnerabilities that have been fixed are rated “Critical” in terms of severity because they enable attackers to execute remote code, elevate privileges, or spoof. Microsoft ranks the rest of the errors (71) as “Important” in terms of severity.

in all, October security update It includes patches for 39 privilege (EoP) errors, 20 remote code execution (RCE) vulnerabilities, 11 information disclosure errors, eight denial of service errors, four spoofing errors, and two security feature bypass vulnerabilities.

In addition to these bugs, Microsoft also fixed 12 vulnerabilities in the Chromium-based Edge browser earlier this month.

actively exploited

One of the most serious vulnerabilities addressed this month is CVE-2022-41033, zero day, with a score of 7.8. This actively exploited flaw is described as a “Windows COM + Event System Service EoP” bug, which gives an attacker the ability to gain system privileges after a successful exploit.

Kev Brin, director of Cyber ​​Threat Research at Immersive Labs, believes this issue should be patched ASAP, even though it has a relatively low score compared to other vulnerabilities fixed in the October security updates.

“Privilege escalation vulnerabilities are a common occurrence in nearly every security breach. Attackers will seek system or domain-level access to disable security tools, seize credentials using tools like Mimkatz and move sideways across the network,” Brin added.

Mike Walters, VP of Vulnerability and Threat Research at Action1, said that this flaw is “an excellent tool in the arsenal of privilege-elevation hackers on Windows because it enables an attacker with local access to a machine to gain SYSTEM privileges and do whatever they like to that target system” .

Another publicly disclosed vulnerability has been fixed CVE-2022-41043 – Microsoft Office information disclosure error detected by Cody Thomas of SpecterOps.

According to Microsoft, attackers could exploit this vulnerability to gain access to users’ authentication tokens.

A critical EoP flaw in Microsoft’s Azure Arc, CVE-2022-37968, affects the cluster calling feature of Kubernetes clusters that support Azure Arc.

This vulnerability, which has a CVSSv3 score of 10, the highest possible, could be exploited by an unauthenticated attacker to gain administrator access to the Kubernetes cluster.

Although updates are available, users of Azure Arc-enabled Kubernetes clusters that do not have automatic upgrade enabled need to take steps to manually upgrade their clusters.

CVE-2022-38028, an EoP vulnerability for the Windows Print Spooler component, has a CVSSv3 score of 7.8 and a Microsoft Exploitability Index rating of “Most Likely Exploitation”.

An attacker might gain access to system privileges after exploiting the vulnerability.

UnfortunatelyTwo actively exploited zero-day vulnerabilities identified as CVE-2022-41040 and CVE-2022-41082, known as ProxyNotShell, did not receive security fixes from Microsoft.

Microsoft confirmed last month that attackers were using these two Exchange Server vulnerabilities. These defects may be serialized to provide remote code execution on Exchange Server systems.

The vulnerabilities were announced by Vietnamese cybersecurity firm GTSC in late September after it spotted and reported attacks.

Microsoft said it was speeding up work on official fixes for these issues, and advised users to enable certain settings to reduce the risk of attacks.


Leave a Reply

Your email address will not be published. Required fields are marked *