Update now: Microsoft’s November Patch Tuesday covers a lot of zero-days
Microsoft has patched six zero-day vulnerabilities in November’s Patch Tuesday. Eleven of the 68 vulnerabilities fixed in this month’s round of updates are considered critical.
Exchange
Microsoft classifies a vulnerability as a zero-day if it is publicly disclosed or actively exploited with no official fix available.
Two of the zero-day vulnerabilities Microsoft patched this month are actively exploited flaws in Exchange Server, including the so-called ProxyNotShell that was missed last month.
The Exchange Server “ProxyNotShell” vulnerabilities are CVE-2022-41040 and CVE-2022-41082. One is a Server-Side Request Forgery (SSRF) vulnerability and the other a remote code execution (RCE) vulnerability that exists when PowerShell is accessible to the attacker. The two can be chained together into an attack.
Add four more vulnerabilities to the Exchange Server menu to be addressed this month. Three of them are rated as important, and CVE-2022-41080 is another privilege escalation vulnerability considered critical and more likely to be exploited.
Mark of the Web
Another zero-day vulnerability we covered is CVE-2022-41091, a Windows Mark of the Web (MOTW) security feature bypass vulnerability. The MOTW security feature is responsible for helpful warnings like:
This file came from another computer and might be blocked to help protect this computer.
A researcher found that a malformed file signature could cause the MOTW warnings to be skipped.
Windows Scripting
A new vulnerability that could have serious consequences if you don’t apply the patch is CVE-2022-41128 a Windows Scripting Languages RCE vulnerability. This vulnerability impacts the JScript9 scripting language which is Microsoft’s version of JavaScript.
An attacker would have to host a specially crafted server share or website and would have to convince potential victims to visit the server share or website. This bug is being exploited in the wild.
Print Spooler
And, oh joy, another Print Spooler vulnerability. Under CVE-2022-41073 we find Windows Print Spooler Elevation of Privilege (EoP) vulnerability. A successful exploitation of this vulnerability could provide an attacker with system privileges. This bug is being exploited in the wild.
Windows CNG Key Isolation Service
That leaves us with the sixth zero-day, CVE-2022-41125. A Windows CNG Key Isolation Service EoP vulnerability that would allow an attacker who successfully exploited this vulnerability to gain system privileges. This bug is also being exploited in the wild.
The CNG key isolation service provides key process isolation to private keys and associated cryptographic operations. The service stores and uses long-lived keys in a secure process.
Other vendors
As per usual, other vendor also released important updates:
- Apple released Xcode 14.1 with numerous security updates.
- Citrix urged customers to install security updates for a critical authentication bypass vulnerability in Citrix ADC and Citrix Gateway.
- Google released Android security updates.
- OpenSSL published a security advisory about two buffer overflow vulnerabilities with a severity rating of High. The rating came as a bit of a surprise, since one of them was announced a week earlier as Critical.
- Samsung started rolling out November 2022 security updates for some of its devices.
- SAP released its November 2022 Patch Day updates.
- VMWare released security updates to address three critical severity vulnerabilities in the Workspace ONE Assist solution that enable remote attackers to bypass authentication and elevate privileges to admin.
We don’t just report on threats—we remove them
Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.
