With the November 2022 Patch Tuesday, Microsoft fixes 6 exploited zero-days, 68 flaws.
The six actively exploited zero-day vulnerabilities fixed are:
CVE-2022-41128 – Windows Scripting Languages Remote Code Execution Vulnerability
CVE-2022-41091 – Windows Mark of the Web Security Feature Bypass Vulnerability
CVE-2022-41073 – Windows Print Spooler Elevation of Privilege Vulnerability
CVE-2022-41125 – Windows CNG Key Isolation Service Elevation of Privilege Vulnerability
CVE-2022-41040 – Microsoft Exchange Server Elevation of Privilege Vulnerability
CVE-2022-41082 – Microsoft Exchange Server Remote Code Execution Vulnerability
The vulnerability (CVE-2022-41091, a Mark of the Web bypass bug) has been publicly disclosed and exploited in the wild.
Full Summary tables
(from: https://www.rapid7.com/blog/post/2022/11/08/patch-tuesday-november-2022-2/)
Azure vulnerabilities
| CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
|---|---|---|---|---|
| CVE-2022-41051 | Azure RTOS GUIX Studio Remote Code Execution Vulnerability | No | No | 7.8 |
| CVE-2022-41085 | Azure CycleCloud Elevation of Privilege Vulnerability | No | No | 7.5 |
| CVE-2022-39327 | GitHub: CVE-2022-39327 Improper Control of Generation of Code (‘Code Injection’) in Azure CLI | No | No | N/A |
Developer Tools vulnerabilities
| CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
|---|---|---|---|---|
| CVE-2022-41119 | Visual Studio Remote Code Execution Vulnerability | No | No | 7.8 |
| CVE-2022-41120 | Microsoft Windows Sysmon Elevation of Privilege Vulnerability | No | No | 7.8 |
| CVE-2022-41064 | .NET Framework Information Disclosure Vulnerability | No | No | 5.8 |
| CVE-2022-39253 | GitHub: CVE-2022-39253 Local clone optimization dereferences symbolic links by default | No | No | N/A |
ESU vulnerabilities
| CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
|---|---|---|---|---|
| CVE-2022-41044 | Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | No | No | 8.1 |
| CVE-2022-41116 | Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerability | No | No | 5.9 |
ESU Windows vulnerabilities
| CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
|---|---|---|---|---|
| CVE-2022-41128 | Windows Scripting Languages Remote Code Execution Vulnerability | Yes | No | 8.8 |
| CVE-2022-41047 | Microsoft ODBC Driver Remote Code Execution Vulnerability | No | No | 8.8 |
| CVE-2022-41048 | Microsoft ODBC Driver Remote Code Execution Vulnerability | No | No | 8.8 |
| CVE-2022-41039 | Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | No | No | 8.1 |
| CVE-2022-37966 | Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability | No | No | 8.1 |
| CVE-2022-38023 | Netlogon RPC Elevation of Privilege Vulnerability | No | No | 8.1 |
| CVE-2022-41109 | Windows Win32k Elevation of Privilege Vulnerability | No | No | 7.8 |
| CVE-2022-41073 | Windows Print Spooler Elevation of Privilege Vulnerability | Yes | No | 7.8 |
| CVE-2022-41057 | Windows HTTP.sys Elevation of Privilege Vulnerability | No | No | 7.8 |
| CVE-2022-37992 | Windows Group Policy Elevation of Privilege Vulnerability | No | No | 7.8 |
| CVE-2022-41095 | Windows Digital Media Receiver Elevation of Privilege Vulnerability | No | No | 7.8 |
| CVE-2022-41045 | Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability | No | No | 7.8 |
| CVE-2022-41118 | Windows Scripting Languages Remote Code Execution Vulnerability | No | No | 7.5 |
| CVE-2022-41058 | Windows Network Address Translation (NAT) Denial of Service Vulnerability | No | No | 7.5 |
| CVE-2022-41053 | Windows Kerberos Denial of Service Vulnerability | No | No | 7.5 |
| CVE-2022-41056 | Network Policy Server (NPS) RADIUS Protocol Denial of Service Vulnerability | No | No | 7.5 |
| CVE-2022-37967 | Windows Kerberos Elevation of Privilege Vulnerability | No | No | 7.2 |
| CVE-2022-41097 | Network Policy Server (NPS) RADIUS Protocol Information Disclosure Vulnerability | No | No | 6.5 |
| CVE-2022-41086 | Windows Group Policy Elevation of Privilege Vulnerability | No | No | 6.4 |
| CVE-2022-41090 | Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerability | No | No | 5.9 |
| CVE-2022-41098 | Windows GDI+ Information Disclosure Vulnerability | No | No | 5.5 |
| CVE-2022-23824 | AMD: CVE-2022-23824 IBPB and Return Address Predictor Interactions | No | No | N/A |
Exchange Server vulnerabilities
| CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
|---|---|---|---|---|
| CVE-2022-41080 | Microsoft Exchange Server Elevation of Privilege Vulnerability | No | No | 8.8 |
| CVE-2022-41078 | Microsoft Exchange Server Spoofing Vulnerability | No | No | 8 |
| CVE-2022-41079 | Microsoft Exchange Server Spoofing Vulnerability | No | No | 8 |
| CVE-2022-41123 | Microsoft Exchange Server Elevation of Privilege Vulnerability | No | No | 7.8 |
Microsoft Dynamics vulnerabilities
| CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
|---|---|---|---|---|
| CVE-2022-41066 | Microsoft Business Central Information Disclosure Vulnerability | No | No | 4.4 |
Microsoft Office vulnerabilities
| CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
|---|---|---|---|---|
| CVE-2022-41062 | Microsoft SharePoint Server Remote Code Execution Vulnerability | No | No | 8.8 |
| CVE-2022-41061 | Microsoft Word Remote Code Execution Vulnerability | No | No | 7.8 |
| CVE-2022-41107 | Microsoft Office Graphics Remote Code Execution Vulnerability | No | No | 7.8 |
| CVE-2022-41106 | Microsoft Excel Remote Code Execution Vulnerability | No | No | 7.8 |
| CVE-2022-41063 | Microsoft Excel Remote Code Execution Vulnerability | No | No | 7.8 |
| CVE-2022-41122 | Microsoft SharePoint Server Spoofing Vulnerability | No | No | 6.5 |
| CVE-2022-41060 | Microsoft Word Information Disclosure Vulnerability | No | No | 5.5 |
| CVE-2022-41103 | Microsoft Word Information Disclosure Vulnerability | No | No | 5.5 |
| CVE-2022-41104 | Microsoft Excel Security Feature Bypass Vulnerability | No | No | 5.5 |
| CVE-2022-41105 | Microsoft Excel Information Disclosure Vulnerability | No | No | 5.5 |
Open Source Software Azure vulnerabilities
| CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
|---|---|---|---|---|
| CVE-2022-38014 | Windows Subsystem for Linux (WSL2) Kernel Elevation of Privilege Vulnerability | No | No | 7 |
| CVE-2022-3786 | OpenSSL: CVE-2022-3786 X.509 certificate verification buffer overrun | No | No | N/A |
| CVE-2022-3602 | OpenSSL: CVE-2022-3602 X.509 certificate verification buffer overrun | No | No | N/A |
Windows vulnerabilities
| CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
|---|---|---|---|---|
| CVE-2022-41088 | Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | No | No | 8.1 |
| CVE-2022-41092 | Windows Win32k Elevation of Privilege Vulnerability | No | No | 7.8 |
| CVE-2022-41113 | Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability | No | No | 7.8 |
| CVE-2022-41054 | Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability | No | No | 7.8 |
| CVE-2022-41101 | Windows Overlay Filter Elevation of Privilege Vulnerability | No | No | 7.8 |
| CVE-2022-41102 | Windows Overlay Filter Elevation of Privilege Vulnerability | No | No | 7.8 |
| CVE-2022-41052 | Windows Graphics Component Remote Code Execution Vulnerability | No | No | 7.8 |
| CVE-2022-41050 | Windows Extensible File Allocation Table Elevation of Privilege Vulnerability | No | No | 7.8 |
| CVE-2022-41125 | Windows CNG Key Isolation Service Elevation of Privilege Vulnerability | Yes | No | 7.8 |
| CVE-2022-41100 | Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability | No | No | 7.8 |
| CVE-2022-41093 | Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability | No | No | 7.8 |
| CVE-2022-41096 | Microsoft DWM Core Library Elevation of Privilege Vulnerability | No | No | 7.8 |
| CVE-2022-41114 | Windows Bind Filter Driver Elevation of Privilege Vulnerability | No | No | 7 |
| CVE-2022-38015 | Windows Hyper-V Denial of Service Vulnerability | No | No | 6.5 |
| CVE-2022-41055 | Windows Human Interface Device Information Disclosure Vulnerability | No | No | 5.5 |
| CVE-2022-41091 | Windows Mark of the Web Security Feature Bypass Vulnerability | Yes | Yes | 5.4 |
| CVE-2022-41049 | Windows Mark of the Web Security Feature Bypass Vulnerability | No | No | 5.4 |
| CVE-2022-41099 | BitLocker Security Feature Bypass Vulnerability | No | No | 4.6 |
As always, the recommendation is to test the updates in a non-production environment first.
SHMUEL H.