The November issue of Patch Tuesday is just around the corner, and this time Microsoft says it has fixed half a dozen zero-day vulnerabilities that are being exploited in the wild.
The most dangerous of the bunch are, of course, the zero-days. Two are tracked as CVE-2022-41040 and CVE-2022-41082 and are used together to let threat actors execute malicious code remotely. The two were first spotted by Vietnamese researchers in September, when a cybercrime group was seen infecting Exchange servers. Apparently, the group using these flaws was based in China.
In total, Microsoft says it has fixed 68 bugs and vulnerabilities with varying risks to end-user endpoints.
Escalation of privileges
Microsoft also patched CVE-2022-41128, another remote code execution vulnerability that was most likely exploited by state-sponsored actors as it was discovered by Google’s TAG team, which commonly tracks nation-state cybercrime.
Then there’s CVE-2022-41073 and CVE-2022-41125, two escalation-of-privilege vulnerabilities discovered by Microsoft’s Security Threat Intelligence Team, and CVE-2022-41091, a flaw that allows criminals to create malicious files that dodge Mark of the Web flags.
Of the 68 bugs fixed this month, 11 were considered “critical” while the rest were labeled “important”. It usually takes about 24 hours for Microsoft to push the cumulative updates to most Windows-powered endpoints, so if you haven’t gotten your fix yet, give it a few more hours. If you can’t wait, you can also manually trigger the update by going to Windows > Settings > Updates and security > Windows Update.
A more detailed overview of the flaws and the solutions can be found here.
Microsoft has had a busy year resolving zero-day vulnerabilities in its tools and services. In early July 2022, it fixed a zero-day found in its Edge browser. Tracked as CVE-2022-2294, it is a very serious heap-based buffer overflow weakness.
A month earlier, the company fixed two bugs that could allow threat actors to run malware on target endpoints, one in Windows Search and one in Microsoft Office OLEObject. By using a weaponized Word document, the Search zero-day can be used to automatically open a search window containing remotely hosted malware. This was made possible by the way Windows handles a URI protocol handler called “search-ms”.
Via: Ars Technica
The post Microsoft just released a whole host of security fixes, so patch now appeared first on WhatsNew2Day.