Microsoft November 2022 Patch Tuesday Fixed 11 Critical Vulnerabilities and 6 Zero-Days

Home/Forensic Investigation, Internet Security, malicious cyber actors, Microsoft, Security Advisory, Security Update, vulnerability/Microsoft November 2022 Patch Tuesday Fixed 11 Critical Vulnerabilities and 6 Zero-Days

Microsoft November 2022 Patch Tuesday Fixed 11 Critical Vulnerabilities and 6 Zero-Days

Microsoft November 2022 Patch Tuesday has been released with patches for a total of 68 vulnerabilities, which include 6 actively exploited zero days and 11 critical vulnerabilities.

Microsoft has fixed several flaws in its software, including Denial of Service (DoS), Elevation of Privilege (EoP), Information Disclosure, Remote Code Execution(RCE), Security Feature Bypass, and Spoofing.

A third zero-day is CVE-2022-41128, a critical Windows vulnerability that also allows a threat actor to execute malicious code remotely. The vulnerability, which works when a vulnerable device accesses a malicious server, was discovered by Clément Lecigne of Google’s Threat Analysis Group. Because TAG tracks hacking backed by nation-states, the discovery likely means that government-backed hackers are behind the zero-day exploits.

Two more zero-days are escalation-of-privilege vulnerabilities, a class of vulnerability that, when paired with a separate vulnerability or used by someone who already has limited system privileges on a device, elevates system rights to those needed to install code, access passwords, and take control of a device. As security in applications and operating systems has improved in the past decade, so-called EoP vulnerabilities have grown in importance.

The critical vulnerabilities in the Patch Tuesday and the products they affect are as follows:

ProductCVE IDCVE TitleCVSS Score
AzureCVE-2022-39327GitHub: CVE-2022-39327 Improper Control of Generation of Code (‘Code Injection’) in Azure CLI9.8
Microsoft Exchange ServerCVE-2022-41040Microsoft Exchange Information Disclosure Vulnerability8.8
Microsoft Exchange ServerCVE-2022-41080Microsoft Exchange Server Elevation of Privilege Vulnerability8.8
Role: Windows Hyper-VCVE-2022-38015Windows Hyper-V Denial of Service Vulnerability6.5
Windows KerberosCVE-2022-37967Windows Kerberos Elevation of Privilege Vulnerability7.2
Windows KerberosCVE-2022-37966Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability8.1
Windows Point-to-Point Tunneling ProtocolCVE-2022-41044Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability8.1
Windows Point-to-Point Tunneling ProtocolCVE-2022-41039Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability8.1
Windows Point-to-Point Tunneling ProtocolCVE-2022-41088Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability8.1
Windows ScriptingCVE-2022-41118Windows Scripting Languages Remote Code Execution Vulnerability7.5
Windows ScriptingCVE-2022-41128Windows Scripting Languages Remote Code Execution Vulnerability8.8

Zero Day Vulnerabilities 

  • CVE-2022-41128 (CVSS Score: 8.8): The JScript9 scripting language in the Windows Scripting Languages is vulnerable to remote code execution. The vulnerability requires users to enter an attacker-crafted website. 
  • CVE-2022-41040 (CVSS Score: 8.8): The attacker could run the PowerShell in the context of the system. 
  • CVE-2022-41082 (CVSS Score: 8.8): An unauthenticated, remote attacker could use arbitrary code execution to target Microsoft Exchange server accounts and execute malicious code via a network call. 
  • CVE-2022-41073 (CVSS Score: 7.8)and CVE-2022-41125 (CVSS Score: 7.8): Exploiting these vulnerabilities could enable an attacker with System privileges. 
  • CVE-2022-41091 (CVSS Score: 5.4): To circumvent Mark of the Web (MOTW) defenses, an attacker can create a malicious file, which results in a limited loss of integrity and accessibility of security features. 

Critical Vulnerabilities 

  • CVE-2022-39327 (CVSS Score: 9.8): Azure CLI versions before 2.40.0 are vulnerable to code injection. Only the Windows-based computers that run any version of PowerShell and Azure CLI commands containing the ‘&’ or ‘|’ symbols are affected. 
  • CVE-2022-41080 (CVSS Score: 8.8): The vulnerability allows privilege escalation on Microsoft Exchange Server.
  • CVE-2022-37966 (CVSS Score: 8.1): Successful exploitation could enable an unauthenticated attacker with administrator rights. Windows AD environments could be breached by an attacker using cryptographic protocol flaws in RFC 4757 (Kerberos encryption type RC4-HMAC-MD5) and MS-PAC. 
  • CVE-2022-41039 and CVE-2022-41044 (CVSS Scores: 8.1): A RAS server may receive a connection request specially crafted by an unauthenticated attacker, which may result in remote code execution (RCE). 
  • CVE-2022-41088 (CVSS Score: 8.1): An attacker can send a specially crafted malicious PPTP packet to a PPTP server to exploit this vulnerability, which could result in remote code execution. 
  • CVE-2022-41118 (CVSS Score: 8.1): The JScript9 and Chakra scripting in Windows Scripting Languages are vulnerable to remote code execution. 
  • CVE-2022-37967 (CVSS Score: 7.2): An authenticated attacker could exploit the cryptographic protocol flaw in Windows Kerberos and modify Kerberos PAC to gain administrative privileges. 
  • CVE-2022-38015 (CVSS Score: 6.5): Successful exploitation could allow a Hyper-V guest to interfere with the host’s functionality. 

Recommendation

Patches generally install automatically within about 24 hours. Install updates immediately can go to Windows > Settings > Updates and Security > Windows Update. 

Follow Us on: Twitter, InstagramFacebook to get the latest security news!

Post Views: 424
By | 2022-11-15T06:23:09+05:30 November 10th, 2022|Forensic Investigation, Internet Security, malicious cyber actors, Microsoft, Security Advisory, Security Update, vulnerability|

About the Author:

FirstHackersNews- Identifies Security

Related Posts

Leave A Comment

Subscribe to our newsletter to receive security tips everday!