The November edition of Patch Tuesday is upon us, and this time around, Microsoft says it has fixed half a dozen zero-day vulnerabilities that are being exploited in the wild.
The most dangerous of the bunch are, obviously, the zero-days. Two are tracked as CVE-2022-41040 and CVE-2022-41082 and are being used in conjunction to allow threat actors to execute malicious code, remotely. These two were first spotted by Vietnamese researchers this September, when a cybercrime group was observed infecting Exchange servers. Apparently, the group using these flaws was based in China.
In total, Microsoft says it fixed 68 flaws and vulnerabilities with varying degrees of risk to end-user endpoints.
Escalation of privilege
Microsoft also patched CVE-2022-41128, another remote code execution vulnerability which was most likely abused by state-sponsored actors, given that it was discovered by Google’s TAG team, which usually tracks nation-state cybercriminal activity.
Then there are CVE-2022-41073 and CVE-2022-41125, two escalation-of-privilege vulnerabilities, discovered by Microsoft’s Security Threat Intelligence Team, and CVE-2022-41091, a flaw allowing crooks to create malicious files capable of dodging Mark of the Web flags.
Out of the 68 flaws patched this month, 11 were deemed “critical”, while the rest were tagged as “important”. Usually, it takes roughly 24 hours for Microsoft to push the cumulative updates to most of Windows-powered endpoints, so in case you haven’t gotten your fix just yet, give it a few more hours. Those who can’t wait, can also trigger the update manually, by going to Windows > Settings > Updates and Security > Windows Update.
A more detailed breakdown of the flaws and the fixes can be found here (opens in new tab).
Microsoft has had a busy year fixing zero-day vulnerabilities across its tools and services. In early July 2022, it fixed a zero-day found in its Edge browser. Tracked as CVE-2022-2294, it’s a high-severity heap-based buffer overflow weakness.
A month earlier, the company fixed two flaws that allowed threat actors to run malware on target endpoints, one in Windows Search, and one in Microsoft Office OLEObject. Through the use of a weaponized Word document, the Search zero-day can be used to automatically open a search window with remotely hosted malware. This was made possible due to how Windows handles a URI protocol handler called “search-ms”.
Via: Ars Technica (opens in new tab)
