Microsoft November 2022 Patch Tuesday

Microsoft has released its monthly batch of security updates, known as Patch Tuesday, which includes fixes for six actively exploited zero-day vulnerabilities, one of which was publicly disclosed.

Microsoft has fixed 68 vulnerabilities, 11 of them classified as Critical because they allow remote code execution, elevation of privilege, or spoofing.

November’s Patch Tuesday fixes security flaws in products including Microsoft Exchange Server, Microsoft Office, Network Policy Server (NPS), Windows Advanced Local Procedure Call, Windows Hyper-V, Windows Bind Filter Driver, Windows Kerberos, Windows Netlogon, Windows ODBC Driver, Windows Point-to-Point Tunneling Protocol, Windows Scripting, and Windows Win32K.

The released security updates fix six actively exploited zero-days. Two of them, tracked as CVE-2022-41040 and CVE-2022-41082, are known as ProxyNotShell. These vulnerabilities affect Microsoft Exchange Server 2019, 2016, and 2013. They could enable attackers to escalate privileges to run PowerShell in the context of the system and gain arbitrary or remote code execution.

Samples of the addressed vulnerabilities:

  1. Microsoft Exchange Server Elevation of Privilege (CVE-2022-41080):
    • CVSS: 8.8
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: None
    • Consequences: Gain Privileges

  2. Windows Scripting Languages Remote Code Execution (CVE-2022-41128):
    • CVSS: 8.8
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Consequences: Gain Privileges

The six actively exploited zero-day vulnerabilities:

    • Windows Scripting Languages Remote Code Execution – (CVE-2022-41128).
    • Windows Mark of the Web Security Feature Bypass – (CVE-2022-41091).
    • Windows Print Spooler Elevation of Privilege – (CVE-2022-41073).
    • Windows CNG Key Isolation Service Elevation of Privilege – (CVE-2022-41125).
    • Microsoft Exchange Server Elevation of Privilege – (CVE-2022-41040).
    • Microsoft Exchange Server Remote Code Execution – (CVE-2022-41082).

Mitigations

Enterprises should deploy these updates as soon as the testing phase is completed.
https://msrc.microsoft.com/update-guide/releaseNote/2022-Nov

References