Report Name: Microsoft Patch Tuesday, October 2022Generated: 2022-10-28 01:36:04
Product Name | Prevalence | U | C | H | M | L | Comment |
---|---|---|---|---|---|---|---|
Active Directory | 0.9 | 1 | 2 | Active Directory is a directory service developed by Microsoft for Windows domain networks | |||
Windows Kernel | 0.9 | 9 | Windows Kernel | ||||
Windows NTLM | 0.9 | 1 | A suite of security protocols to authenticate users' identity and protect the integrity and confidentiality of their activity | ||||
Windows TCP/IP Driver | 0.9 | 1 | A kernel mode driver | ||||
Windows Win32k | 0.9 | 2 | Windows kernel-mode driver | ||||
Connected User Experiences and Telemetry | 0.8 | 1 | Windows component | ||||
Microsoft DWM Core Library | 0.8 | 1 | Windows component | ||||
Microsoft Edge | 0.8 | 2 | 14 | 2 | Web browser | ||
Microsoft Exchange | 0.8 | 2 | Microsoft Exchange Server is a mail server and calendaring server developed by Microsoft | ||||
Microsoft Local Security Authority Server | 0.8 | 1 | LSASS, the Windows Local Security Authority Server process, handles Windows security mechanisms | ||||
Microsoft Windows | 0.8 | 1 | Windows component | ||||
Windows ALPC | 0.8 | 1 | Windows component | ||||
Windows CD-ROM File System Driver | 0.8 | 1 | Windows component | ||||
Windows COM+ Event System Service | 0.8 | 1 | Windows component | ||||
Windows Client Server Run-time Subsystem (CSRSS) | 0.8 | 2 | Windows component | ||||
Windows CryptoAPI | 0.8 | 1 | Windows component | ||||
Windows DHCP Client | 0.8 | 2 | Windows component | ||||
Windows DWM Core Library | 0.8 | 1 | Windows component | ||||
Windows Distributed File System (DFS) | 0.8 | 1 | Windows component | ||||
Windows Event Logging Service | 0.8 | 1 | Windows component | ||||
Windows GDI | 0.8 | 1 | Windows component | ||||
Windows Graphics Component | 0.8 | 1 | 2 | Windows component | |||
Windows Group Policy | 0.8 | 1 | Windows component | ||||
Windows Group Policy Preference Client | 0.8 | 3 | Windows component | ||||
Windows Kernel Memory | 0.8 | 1 | Windows component | ||||
Windows Local Security Authority (LSA) | 0.8 | 1 | Windows component | ||||
Windows Local Session Manager (LSM) | 0.8 | 2 | Windows component | ||||
Windows Mixed Reality Developer Tools | 0.8 | 1 | Windows component | ||||
Windows Point-to-Point Tunneling Protocol | 0.8 | 7 | 1 | Windows component | |||
Windows Portable Device Enumerator Service | 0.8 | 1 | Windows component | ||||
Windows Print Spooler | 0.8 | 1 | Windows component | ||||
Windows Secure Channel | 0.8 | 1 | Windows component | ||||
Windows Security Support Provider Interface | 0.8 | 1 | Windows component | ||||
Windows Server Remotely Accessible Registry Keys | 0.8 | 1 | Windows component | ||||
Windows Server Service | 0.8 | 1 | Windows component | ||||
Windows Storage | 0.8 | 1 | Windows component | ||||
Windows USB Serial Driver | 0.8 | 1 | Windows component | ||||
Windows WLAN Service | 0.8 | 1 | Windows component | ||||
Windows Workstation Service | 0.8 | 1 | Windows component | ||||
Microsoft SharePoint | 0.7 | 4 | Microsoft SharePoint | ||||
Microsoft Office | 0.6 | 1 | 2 | Microsoft Office | |||
Microsoft Office Graphics | 0.6 | 1 | Microsoft Office Graphics | ||||
Microsoft Word | 0.6 | 1 | MS Office product | ||||
Windows Hyper-V | 0.6 | 1 | Hardware virtualization component of the client editions of Windows NT | ||||
Azure Arc-enabled Kubernetes cluster Connect | 0.5 | 1 | Azure Arc-enabled Kubernetes cluster Connect | ||||
Internet Key Exchange (IKE) Protocol | 0.5 | 1 | Internet Key Exchange (IKE) Protocol | ||||
Microsoft Endpoint Configuration Manager | 0.5 | 1 | Microsoft Endpoint Configuration Manager | ||||
Microsoft ODBC Driver | 0.5 | 1 | Microsoft ODBC Driver | ||||
Microsoft WDAC OLE DB provider for SQL Server | 0.5 | 2 | Microsoft WDAC OLE DB provider for SQL Server | ||||
NuGet Client | 0.5 | 1 | NuGet Client | ||||
Service Fabric Explorer | 0.5 | 1 | Service Fabric Explorer | ||||
StorSimple 8000 Series | 0.5 | 1 | StorSimple 8000 Series | ||||
Web Account Manager | 0.5 | 1 | Web Account Manager | ||||
Visual Studio Code | 0.3 | 3 | Integrated development environment |
Vulnerability Type | Criticality | U | C | H | M | L | Comment |
---|---|---|---|---|---|---|---|
Remote Code Execution | 1.0 | 1 | 20 | 2 | Remote Code Execution | ||
Security Feature Bypass | 0.9 | 2 | 4 | Security Feature Bypass | |||
Denial of Service | 0.7 | 4 | 4 | Denial of Service | |||
Memory Corruption | 0.6 | 9 | Memory Corruption | ||||
Elevation of Privilege | 0.5 | 1 | 1 | 1 | 37 | Elevation of Privilege | |
Information Disclosure | 0.4 | 1 | 10 | Information Disclosure | |||
Spoofing | 0.4 | 1 | 5 | Spoofing | |||
Unknown Vulnerability Type | 0 | 2 | Unknown Vulnerability Type |
1. Remote Code Execution - Microsoft Exchange (CVE-2022-41082) - Urgent [948]
Description: Microsoft
MS PT Extended: CVE-2022-41082 was published before October 2022 Patch Tuesday from 2022-09-14 to 2022-10-10
qualys: Microsoft Exchange “ProxyNotShell” Zero-Days Not Yet Addressed (QID 50122) Unfortunately, Microsoft has not released security updates to address ProxyNotShell which includes two actively exploited zero-day vulnerabilities tracked as CVE-2022-41040 and CVE-2022-41082. Released: October 2022 Exchange Server Security Updates provides the following update: NOTE The October 2022 SUs do not contain fixes for the zero-day vulnerabilities reported publicly on September 29, 2022 (CVE-2022-41040 and CVE-2022-41082). Please see this blog post to apply mitigations for those vulnerabilities. We will release updates for CVE-2022-41040 and CVE-2022-41082 when they are ready. Ankit Malhotra, Manager, Signature Engineering suggests, “It’s worth noting that Microsoft has had to revise the mitigation for CVE-2022-41040 more than once, as the suggested URL rewrite Mitigation was bypassed multiple times. Organizations that reacted to the ProxyShell vulnerability should also pay close attention to this, taking their lessons learned on rapid remediation, as this vulnerability can potentially see increased exploitation.”
qualys: Qualys Threat Protection High-Rated Advisories Published between September 14 – October 12, 2022, Most Recent First Microsoft Patch Tuesday, October 2022 Edition: 84 Vulnerabilities patched including 12 Microsoft Edge (Chromium-Based), 2 Zero-days, and 13 Rated as CriticalZimbra Collaboration Suite Remote Code Execution Vulnerability (CVE-2022-41352)FortiGate and FortiProxy Authentication Bypass Vulnerability on Administrative Interface (HTTP/HTTPS) (CVE-2022-40684)Microsoft Exchange Server Zero-day Vulnerabilities (CVE-2022-41040 and CVE-2022-41082) (ProxyNotShell)Sophos Firewall Remote Code Execution Vulnerability (CVE-2022-3236)Zoho ManageEngine PAM360, Access Manager Plus, and Password Manager Pro Remote Code Execution Vulnerability (CVE-2022-35405)Trend Micro Patches Multiple Vulnerabilities in Apex One (On-Premise) Including One Zero-day (CVE-2022-40139)Cisco Patched Multiple Vulnerabilities in Multiple Products including NVIDIA Data Plane Development KitApple Patches Multiple Vulnerabilities in macOS Big Sur and macOS Monterey including One Zero-day (CVE-2022-32894)Microsoft Patches Vulnerabilities 79 including 16 Microsoft Edge (Chromium-Based); with 2 Zero-days and 5 Critical in Patch Tuesday, September 2022 Edition
qualys: Hans-Juergen Kreutzer says: October 13, 2022 at 12:29 AM What is the QID for October 2022 “Exchange Server Security Updates “ Reply to Hans-Juergen 1 Debra M. Fezza Reed says: October 17, 2022 at 1:27 PM ProxyNotShell which includes two actively exploited zero-day vulnerabilities is being tracked in Qualys as QID 50122 (CVE-2022-41040 and CVE-2022-41082). Reply to Debra 1
tenable: Note: Microsoft has not included patches for the two zero-day vulnerabilities in Microsoft Exchange, CVE-2022-41040 and CVE-2022-41082, that were disclosed on September 28 in this release.
rapid7: Top of mind for many this month is whether Microsoft would patch the two Exchange Server zero-day vulnerabilities (CVE-2022-41040 and CVE-2022-41082) disclosed at the end of September. While Microsoft was relatively quick to acknowledge the vulnerabilities and provide mitigation steps, their guidance has continually changed as the recommended rules to block attack traffic get bypassed. This whack-a-mole approach seems likely to continue until a proper patch addressing the root causes is available; unfortunately, it doesn’t look like that will be happening today. Thankfully, the impact should be more limited than 2021’s ProxyShell and ProxyLogon vulnerabilities due to attackers needing to be authenticated to the server for successful exploitation. Reports are also surfacing about an additional zero-day distinct from these being used in ransomware attacks; however, these have not yet been substantiated.
2. Elevation of Privilege - Microsoft Exchange (CVE-2022-41040) - Urgent [847]
Description: Microsoft
MS PT Extended: CVE-2022-41040 was published before October 2022 Patch Tuesday from 2022-09-14 to 2022-10-10
qualys: Microsoft Exchange “ProxyNotShell” Zero-Days Not Yet Addressed (QID 50122) Unfortunately, Microsoft has not released security updates to address ProxyNotShell which includes two actively exploited zero-day vulnerabilities tracked as CVE-2022-41040 and CVE-2022-41082. Released: October 2022 Exchange Server Security Updates provides the following update: NOTE The October 2022 SUs do not contain fixes for the zero-day vulnerabilities reported publicly on September 29, 2022 (CVE-2022-41040 and CVE-2022-41082). Please see this blog post to apply mitigations for those vulnerabilities. We will release updates for CVE-2022-41040 and CVE-2022-41082 when they are ready. Ankit Malhotra, Manager, Signature Engineering suggests, “It’s worth noting that Microsoft has had to revise the mitigation for CVE-2022-41040 more than once, as the suggested URL rewrite Mitigation was bypassed multiple times. Organizations that reacted to the ProxyShell vulnerability should also pay close attention to this, taking their lessons learned on rapid remediation, as this vulnerability can potentially see increased exploitation.”
qualys: Qualys Threat Protection High-Rated Advisories Published between September 14 – October 12, 2022, Most Recent First Microsoft Patch Tuesday, October 2022 Edition: 84 Vulnerabilities patched including 12 Microsoft Edge (Chromium-Based), 2 Zero-days, and 13 Rated as CriticalZimbra Collaboration Suite Remote Code Execution Vulnerability (CVE-2022-41352)FortiGate and FortiProxy Authentication Bypass Vulnerability on Administrative Interface (HTTP/HTTPS) (CVE-2022-40684)Microsoft Exchange Server Zero-day Vulnerabilities (CVE-2022-41040 and CVE-2022-41082) (ProxyNotShell)Sophos Firewall Remote Code Execution Vulnerability (CVE-2022-3236)Zoho ManageEngine PAM360, Access Manager Plus, and Password Manager Pro Remote Code Execution Vulnerability (CVE-2022-35405)Trend Micro Patches Multiple Vulnerabilities in Apex One (On-Premise) Including One Zero-day (CVE-2022-40139)Cisco Patched Multiple Vulnerabilities in Multiple Products including NVIDIA Data Plane Development KitApple Patches Multiple Vulnerabilities in macOS Big Sur and macOS Monterey including One Zero-day (CVE-2022-32894)Microsoft Patches Vulnerabilities 79 including 16 Microsoft Edge (Chromium-Based); with 2 Zero-days and 5 Critical in Patch Tuesday, September 2022 Edition
qualys: Try It for Free! Sign up now for a no-cost trial of Qualys Custom Assessment and Remediation Customers can perform the provided mitigation steps by creating a PowerShell script and executing the script on vulnerable assets. IMPORTANT: Scripts tend to change over time. Referring back to a portion of our quote from Ankit Malhotra at the top of this blog, “It’s worth noting that Microsoft has had to revise the mitigation for CVE-2022-41040 more than once, as the suggested URL rewrite Mitigation was bypassed multiple times.” Please refer to the Qualys GitHub Tuesday Patch link to ensure the most current version of a given Patch Tuesday script is in use.
qualys: Hans-Juergen Kreutzer says: October 13, 2022 at 12:29 AM What is the QID for October 2022 “Exchange Server Security Updates “ Reply to Hans-Juergen 1 Debra M. Fezza Reed says: October 17, 2022 at 1:27 PM ProxyNotShell which includes two actively exploited zero-day vulnerabilities is being tracked in Qualys as QID 50122 (CVE-2022-41040 and CVE-2022-41082). Reply to Debra 1
tenable: Note: Microsoft has not included patches for the two zero-day vulnerabilities in Microsoft Exchange, CVE-2022-41040 and CVE-2022-41082, that were disclosed on September 28 in this release.
rapid7: Top of mind for many this month is whether Microsoft would patch the two Exchange Server zero-day vulnerabilities (CVE-2022-41040 and CVE-2022-41082) disclosed at the end of September. While Microsoft was relatively quick to acknowledge the vulnerabilities and provide mitigation steps, their guidance has continually changed as the recommended rules to block attack traffic get bypassed. This whack-a-mole approach seems likely to continue until a proper patch addressing the root causes is available; unfortunately, it doesn’t look like that will be happening today. Thankfully, the impact should be more limited than 2021’s ProxyShell and ProxyLogon vulnerabilities due to attackers needing to be authenticated to the server for successful exploitation. Reports are also surfacing about an additional zero-day distinct from these being used in ransomware attacks; however, these have not yet been substantiated.
3. Elevation of Privilege - Windows COM+ Event System Service (CVE-2022-41033) - Critical [604]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
1.0 | 18 | Exploitation in the wild is mentioned on Vulners (cisa_kev object), AttackerKB, Microsoft websites | |
0 | 17 | The existence of a public exploit is NOT mentioned on Vulners and Microsoft websites | |
0.5 | 15 | Elevation of Privilege | |
0.8 | 14 | Windows component | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
qualys: Microsoft Patch Tuesday Summary Microsoft has fixed 84 vulnerabilities (aka flaws) in the October 2022 update, including 13 vulnerabilities classified as Critical as they allow Elevation of Privilege (EoP), Remote Code Execution (RCE), and Spoofing. This month’s Patch Tuesday fixes two (2) zero-day vulnerabilities, with one (1) actively exploited* in attacks (CVE-2022-41033*, CVE-2022-41043). Earlier this month, on October 3 and 6, 2022, Microsoft also released a total of 12 Microsoft Edge (Chromium-Based) updates, one (1) addressing Spoofing (CVE-2022-41035) ranked Moderate. Microsoft has fixed several flaws in its software, including Denial of Service (DoS), Elevation of Privilege (EoP), Information Disclosure, Remote Code Execution (RCE), Security Feature Bypass, Spoofing, Microsoft Edge (Chromium-based), and Microsoft Edge (Chromium-based) / Spoofing.
qualys: CVE-2022-41033 | Windows COM+ Event System Service Elevation of Privilege (EoP) Vulnerability This vulnerability has a CVSSv3.1 score of 7.8/10. Classified as Critical, this issue affects an unknown function of the component COM+ Event System Service. The impact of exploitation is loss of confidentiality, integrity, and availability. Microsoft has not disclosed how the vulnerability is being exploited or if it is being exploited in targeted or more widespread attacks. They only say that the attack complexity is low and that it requires no user interaction for the attacker to be able to achieve SYSTEM privileges. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Patch Installation should be considered Critical. Saeed Abbasi, Manager, Vulnerability Signatures adds, “This patch fixes a security vulnerability that Microsoft stated is under active attack. However, it is not clear how severe these attacks are. Due to the nature of this vulnerability, a privilege escalation that often engages some social engineering (e.g. requiring the user to open a malicious attachment), history shows that it potentially needs to be chained with a code execution bug to exploit.” Exploitability Assessment: Exploitation Detected
tenable: CVE-2022-41033 is an EoP vulnerability in the Windows COM+ Event System Service, which enables system event notifications for COM+ component services. It received a CVSSv3 score of 7.8. An authenticated attacker could exploit this vulnerability to elevate privileges on a vulnerable system and gain SYSTEM privileges.
rapid7: Microsoft did address two other zero-day vulnerabilities with today’s patches. CVE-2022-41033, an Elevation of Privilege vulnerability affecting the COM+ Event System Service in all supported versions of Windows, has been seen exploited in the wild. CVE-2022-41043 is an Information Disclosure vulnerability affecting Office for Mac that was publicly disclosed but not (yet) seen exploited in the wild.
zdi: CVE-2022-41033 – Windows COM+ Event System Service Elevation of Privilege Vulnerability. This patch fixes a bug that Microsoft lists as being used in active attacks, although they specify how broad these attacks may be. Since this is a privilege escalation bug, it is likely paired with other code execution exploits designed to take over a system. These types of attacks often involve some form of social engineering, such as enticing a user to open an attachment or browse to a malicious website. Despite near-constant anti-phishing training, especially during “Cyber Security Awareness Month”, people tend to click everything, so test and deploy this fix quickly.
4. Remote Code Execution - Windows Point-to-Point Tunneling Protocol (CVE-2022-38000) - High [554]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned on Vulners, Microsoft and AttackerKB websites | |
0.4 | 17 | The existence of a public exploit is mentioned in Microsoft CVSS Temporal Score (Proof-of-Concept Exploit) | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | Windows component | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 8.1. Based on Microsoft data |
5. Remote Code Execution - Microsoft Edge (CVE-2022-3195) - High [475]
Description: Chromium: CVE-2022-3195
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned on Vulners, Microsoft and AttackerKB websites | |
0 | 17 | The existence of a public exploit is NOT mentioned on Vulners and Microsoft websites | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | Web browser | |
0.9 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 8.8. Based on Vulners data |
MS PT Extended: CVE-2022-3195 was published before October 2022 Patch Tuesday from 2022-09-14 to 2022-10-10
6. Remote Code Execution - Windows CD-ROM File System Driver (CVE-2022-38044) - High [462]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned on Vulners, Microsoft and AttackerKB websites | |
0 | 17 | The existence of a public exploit is NOT mentioned on Vulners and Microsoft websites | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | Windows component | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
7. Remote Code Execution - Windows GDI (CVE-2022-33635) - High [462]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned on Vulners, Microsoft and AttackerKB websites | |
0 | 17 | The existence of a public exploit is NOT mentioned on Vulners and Microsoft websites | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | Windows component | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
8. Remote Code Execution - Windows Point-to-Point Tunneling Protocol (CVE-2022-22035) - High [462]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned on Vulners, Microsoft and AttackerKB websites | |
0 | 17 | The existence of a public exploit is NOT mentioned on Vulners and Microsoft websites | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | Windows component | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 8.1. Based on Microsoft data |
9. Remote Code Execution - Windows Point-to-Point Tunneling Protocol (CVE-2022-24504) - High [462]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned on Vulners, Microsoft and AttackerKB websites | |
0 | 17 | The existence of a public exploit is NOT mentioned on Vulners and Microsoft websites | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | Windows component | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 8.1. Based on Microsoft data |
10. Remote Code Execution - Windows Point-to-Point Tunneling Protocol (CVE-2022-30198) - High [462]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned on Vulners, Microsoft and AttackerKB websites | |
0 | 17 | The existence of a public exploit is NOT mentioned on Vulners and Microsoft websites | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | Windows component | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 8.1. Based on Microsoft data |
11. Remote Code Execution - Windows Point-to-Point Tunneling Protocol (CVE-2022-33634) - High [462]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned on Vulners, Microsoft and AttackerKB websites | |
0 | 17 | The existence of a public exploit is NOT mentioned on Vulners and Microsoft websites | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | Windows component | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 8.1. Based on Microsoft data |
12. Remote Code Execution - Windows Point-to-Point Tunneling Protocol (CVE-2022-38047) - High [462]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned on Vulners, Microsoft and AttackerKB websites | |
0 | 17 | The existence of a public exploit is NOT mentioned on Vulners and Microsoft websites | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | Windows component | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 8.1. Based on Microsoft data |
13. Remote Code Execution - Windows Point-to-Point Tunneling Protocol (CVE-2022-41081) - High [462]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned on Vulners, Microsoft and AttackerKB websites | |
0 | 17 | The existence of a public exploit is NOT mentioned on Vulners and Microsoft websites | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | Windows component | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 8.1. Based on Microsoft data |
14. Security Feature Bypass - Active Directory (CVE-2022-37978) - High [460]
Description: Windows
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned on Vulners, Microsoft and AttackerKB websites | |
0 | 17 | The existence of a public exploit is NOT mentioned on Vulners and Microsoft websites | |
0.9 | 15 | Security Feature Bypass | |
0.9 | 14 | Active Directory is a directory service developed by Microsoft for Windows domain networks | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.5. Based on Microsoft data |
15. Remote Code Execution - Microsoft SharePoint (CVE-2022-38053) - High [456]
Description: Microsoft
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned on Vulners, Microsoft and AttackerKB websites | |
0 | 17 | The existence of a public exploit is NOT mentioned on Vulners and Microsoft websites | |
1.0 | 15 | Remote Code Execution | |
0.7 | 14 | Microsoft SharePoint | |
0.9 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 8.8. Based on Microsoft data |
tenable: CVE-2022-38053, CVE-2022-41036, CVE-2022-41037 and CVE-2022-41038 are RCE vulnerabilities in Microsoft SharePoint Server that all received a CVSSv3 score of 8.8. All except CVE-2022-41037 were rated “Exploitation More Likely,” and CVE-2022-41038 is the only one that has a critical rating. To exploit these vulnerabilities, a network-based attacker would need to be authenticated to the target SharePoint site with permission to use Manage Lists.
16. Remote Code Execution - Microsoft SharePoint (CVE-2022-41036) - High [456]
Description: Microsoft
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned on Vulners, Microsoft and AttackerKB websites | |
0 | 17 | The existence of a public exploit is NOT mentioned on Vulners and Microsoft websites | |
1.0 | 15 | Remote Code Execution | |
0.7 | 14 | Microsoft SharePoint | |
0.9 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 8.8. Based on Microsoft data |
tenable: CVE-2022-38053, CVE-2022-41036, CVE-2022-41037 and CVE-2022-41038 are RCE vulnerabilities in Microsoft SharePoint Server that all received a CVSSv3 score of 8.8. All except CVE-2022-41037 were rated “Exploitation More Likely,” and CVE-2022-41038 is the only one that has a critical rating. To exploit these vulnerabilities, a network-based attacker would need to be authenticated to the target SharePoint site with permission to use Manage Lists.
17. Remote Code Execution - Microsoft SharePoint (CVE-2022-41037) - High [456]
Description: Microsoft
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned on Vulners, Microsoft and AttackerKB websites | |
0 | 17 | The existence of a public exploit is NOT mentioned on Vulners and Microsoft websites | |
1.0 | 15 | Remote Code Execution | |
0.7 | 14 | Microsoft SharePoint | |
0.9 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 8.8. Based on Microsoft data |
tenable: CVE-2022-38053, CVE-2022-41036, CVE-2022-41037 and CVE-2022-41038 are RCE vulnerabilities in Microsoft SharePoint Server that all received a CVSSv3 score of 8.8. All except CVE-2022-41037 were rated “Exploitation More Likely,” and CVE-2022-41038 is the only one that has a critical rating. To exploit these vulnerabilities, a network-based attacker would need to be authenticated to the target SharePoint site with permission to use Manage Lists.
18. Remote Code Execution - Microsoft SharePoint (CVE-2022-41038) - High [456]
Description: Microsoft
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned on Vulners, Microsoft and AttackerKB websites | |
0 | 17 | The existence of a public exploit is NOT mentioned on Vulners and Microsoft websites | |
1.0 | 15 | Remote Code Execution | |
0.7 | 14 | Microsoft SharePoint | |
0.9 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 8.8. Based on Microsoft data |
qualys: CVE-2022-41038 | Microsoft SharePoint Server Remote Code Execution (RCE) Vulnerability This vulnerability has a CVSSv3.1 score of 8.8/10. In a network-based attack, an authenticated attacker with Manage List permissions could execute code remotely on the SharePoint Server. The attacker must be authenticated to the target site, with permission to use Manage Lists within SharePoint. NOTE: Customers running SharePoint Server 2013 Service Pack 1 can install the cumulative update or the security update, which is the same update as for Foundation Server 2013. Exploitability Assessment: Exploitation More Likely
tenable: CVE-2022-38053, CVE-2022-41036, CVE-2022-41037 and CVE-2022-41038 are RCE vulnerabilities in Microsoft SharePoint Server that all received a CVSSv3 score of 8.8. All except CVE-2022-41037 were rated “Exploitation More Likely,” and CVE-2022-41038 is the only one that has a critical rating. To exploit these vulnerabilities, a network-based attacker would need to be authenticated to the target SharePoint site with permission to use Manage Lists.
rapid7: Nine CVEs categorized as Remote Code Execution (RCE) with Critical severity were also patched today – seven of them affect the Point-to-Point Tunneling Protocol, and like those fixed last month, require an attacker to win a race condition to exploit them. CVE-2022-38048 affects all supported versions of Office, and CVE-2022-41038 could allow an attacker authenticated to SharePoint to execute arbitrary code on the server, provided the account has “Manage List” permissions.
19. Elevation of Privilege - Windows Graphics Component (CVE-2022-38051) - High [452]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned on Vulners, Microsoft and AttackerKB websites | |
0.4 | 17 | The existence of a public exploit is mentioned in Microsoft CVSS Temporal Score (Proof-of-Concept Exploit) | |
0.5 | 15 | Elevation of Privilege | |
0.8 | 14 | Windows component | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
20. Spoofing - Microsoft Edge (CVE-2022-41035) - High [432]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned on Vulners, Microsoft and AttackerKB websites | |
0.4 | 17 | The existence of a public exploit is mentioned in Microsoft CVSS Temporal Score (Proof-of-Concept Exploit) | |
0.4 | 15 | Spoofing | |
0.8 | 14 | Web browser | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 8.3. Based on Microsoft data |
MS PT Extended: CVE-2022-41035 was published before October 2022 Patch Tuesday from 2022-09-14 to 2022-10-10
qualys: Microsoft Patch Tuesday Summary Microsoft has fixed 84 vulnerabilities (aka flaws) in the October 2022 update, including 13 vulnerabilities classified as Critical as they allow Elevation of Privilege (EoP), Remote Code Execution (RCE), and Spoofing. This month’s Patch Tuesday fixes two (2) zero-day vulnerabilities, with one (1) actively exploited* in attacks (CVE-2022-41033*, CVE-2022-41043). Earlier this month, on October 3 and 6, 2022, Microsoft also released a total of 12 Microsoft Edge (Chromium-Based) updates, one (1) addressing Spoofing (CVE-2022-41035) ranked Moderate. Microsoft has fixed several flaws in its software, including Denial of Service (DoS), Elevation of Privilege (EoP), Information Disclosure, Remote Code Execution (RCE), Security Feature Bypass, Spoofing, Microsoft Edge (Chromium-based), and Microsoft Edge (Chromium-based) / Spoofing.
qualys: Microsoft Edge | Last But Not Least Earlier in October 2022, Microsoft released Microsoft Edge (Chromium-based) vulnerabilities including CVE-2022-41035. The vulnerability assigned to the CVE is in the Chromium Open Source Software (OSS) which is consumed by Microsoft Edge. It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. For more information, please see Security Update Guide Supports CVEs Assigned by Industry Partners.
qualys: CVE-2022-41035 | Microsoft Edge (Chromium-based) Spoofing Vulnerability This vulnerability has a CVSSv3.1 score of 8.3/10. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacker would have no way to force the user to visit the website. Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince the user to open the specially crafted file. Per Microsoft severity guidelines, the amount of user interaction or preconditions required to allow this sort of exploitation downgraded the severity. The CVSS scoring system doesn’t allow for this type of nuance. Severity: Moderate Exploitability Assessment: Exploitation Less Likely
21. Remote Code Execution - Microsoft Office (CVE-2022-38048) - High [424]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned on Vulners, Microsoft and AttackerKB websites | |
0 | 17 | The existence of a public exploit is NOT mentioned on Vulners and Microsoft websites | |
1.0 | 15 | Remote Code Execution | |
0.6 | 14 | Microsoft Office | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
qualys: CVE-2022-38048 | Microsoft Office Remote Code Execution (RCE) Vulnerability This vulnerability has a CVSSv3.1 score of 7.8/10. The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. When a particular vulnerability allows an attacker to execute “arbitrary code”, it typically means that the bad guy can run any command on the target system the attacker chooses. Source For example, when the score indicates that the Attack Vector is Local and User Interaction is Required, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer. The impact of exploitation is loss of confidentiality, integrity, and availability. NOTE: Customers should apply all updates offered for the software installed on their systems. If multiple updates apply, they can be installed in any order. Exploitability Assessment: Exploitation More Likely
rapid7: Nine CVEs categorized as Remote Code Execution (RCE) with Critical severity were also patched today – seven of them affect the Point-to-Point Tunneling Protocol, and like those fixed last month, require an attacker to win a race condition to exploit them. CVE-2022-38048 affects all supported versions of Office, and CVE-2022-41038 could allow an attacker authenticated to SharePoint to execute arbitrary code on the server, provided the account has “Manage List” permissions.
zdi: CVE-2022-38048 – Microsoft Office Remote Code Execution Vulnerability. This bug was reported to the ZDI by the researcher known as “hades_kito” and represents a rare Critical-rated Office bug. Most Office vulnerabilities are rated Important since they involve user interaction – typically opening a file. An exception to that is when the Preview Pane is an attack vector, however, Microsoft states that isn’t the case here. Likely the rating results from the lack of warning dialogs when opening a specially crafted file. Either way, this is a UAF that could lead to passing an arbitrary pointer to a free call which makes further memory corruption possible.
22. Remote Code Execution - Microsoft Office Graphics (CVE-2022-38049) - High [424]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned on Vulners, Microsoft and AttackerKB websites | |
0 | 17 | The existence of a public exploit is NOT mentioned on Vulners and Microsoft websites | |
1.0 | 15 | Remote Code Execution | |
0.6 | 14 | Microsoft Office Graphics | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
23. Remote Code Execution - Microsoft Word (CVE-2022-41031) - High [424]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned on Vulners, Microsoft and AttackerKB websites | |
0 | 17 | The existence of a public exploit is NOT mentioned on Vulners and Microsoft websites | |
1.0 | 15 | Remote Code Execution | |
0.6 | 14 | MS Office product | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
24. Denial of Service - Windows TCP/IP Driver (CVE-2022-33645) - High [420]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned on Vulners, Microsoft and AttackerKB websites | |
0 | 17 | The existence of a public exploit is NOT mentioned on Vulners and Microsoft websites | |
0.7 | 15 | Denial of Service | |
0.9 | 14 | A kernel mode driver | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.5. Based on Microsoft data |
qualys: CVE-2022-33645 | Windows TCP/IP Driver Denial of Service (DoS) Vulnerability This vulnerability has a CVSSv3.1 score of 7.5/10. Exploitability Assessment: Exploitation Less Likely GitHub Link for CVE-2022-33645 Script
qualys: Write-Host "IPV6 has been disabled as part of workaround implementation. CVE-2022-33645 is now mitigated,"
qualys: CVE-2022-33645 | Windows TCP/IP Driver Denial of Service (DoS) Vulnerability This vulnerability has a CVSSv3.1 score of 7.5/10. Policy Compliance Control IDs (CIDs): 4842 Status of the ‘Internet Protocol version 6 (IPv6) components’ setting Exploitability Assessment: Exploitation Less Likely
25. Information Disclosure - Windows Server Remotely Accessible Registry Keys (CVE-2022-38033) - High [418]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned on Vulners, Microsoft and AttackerKB websites | |
0.4 | 17 | The existence of a public exploit is mentioned in Microsoft CVSS Temporal Score (Proof-of-Concept Exploit) | |
0.4 | 15 | Information Disclosure | |
0.8 | 14 | Windows component | |
0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 6.5. Based on Microsoft data |
26. Remote Code Execution - Microsoft ODBC Driver (CVE-2022-38040) - High [418]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned on Vulners, Microsoft and AttackerKB websites | |
0 | 17 | The existence of a public exploit is NOT mentioned on Vulners and Microsoft websites | |
1.0 | 15 | Remote Code Execution | |
0.5 | 14 | Microsoft ODBC Driver | |
0.9 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 8.8. Based on Microsoft data |
27. Remote Code Execution - Microsoft WDAC OLE DB provider for SQL Server (CVE-2022-37982) - High [418]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned on Vulners, Microsoft and AttackerKB websites | |
0 | 17 | The existence of a public exploit is NOT mentioned on Vulners and Microsoft websites | |
1.0 | 15 | Remote Code Execution | |
0.5 | 14 | Microsoft WDAC OLE DB provider for SQL Server | |
0.9 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 8.8. Based on Microsoft data |
28. Remote Code Execution - Microsoft WDAC OLE DB provider for SQL Server (CVE-2022-38031) - High [418]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned on Vulners, Microsoft and AttackerKB websites | |
0 | 17 | The existence of a public exploit is NOT mentioned on Vulners and Microsoft websites | |
1.0 | 15 | Remote Code Execution | |
0.5 | 14 | Microsoft WDAC OLE DB provider for SQL Server | |
0.9 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 8.8. Based on Microsoft data |
29. Security Feature Bypass - Windows Portable Device Enumerator Service (CVE-2022-38032) - High [414]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned on Vulners, Microsoft and AttackerKB websites | |
0 | 17 | The existence of a public exploit is NOT mentioned on Vulners and Microsoft websites | |
0.9 | 15 | Security Feature Bypass | |
0.8 | 14 | Windows component | |
0.6 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 5.9. Based on Microsoft data |
30. Denial of Service - Windows Local Session Manager (LSM) (CVE-2022-37973) - High [401]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned on Vulners, Microsoft and AttackerKB websites | |
0 | 17 | The existence of a public exploit is NOT mentioned on Vulners and Microsoft websites | |
0.7 | 15 | Denial of Service | |
0.8 | 14 | Windows component | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.7. Based on Microsoft data |
31. Denial of Service - Windows Local Session Manager (LSM) (CVE-2022-37998) - High [401]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned on Vulners, Microsoft and AttackerKB websites | |
0 | 17 | The existence of a public exploit is NOT mentioned on Vulners and Microsoft websites | |
0.7 | 15 | Denial of Service | |
0.8 | 14 | Windows component | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.7. Based on Microsoft data |
32. Denial of Service - Windows Secure Channel (CVE-2022-38041) - High [401]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned on Vulners, Microsoft and AttackerKB websites | |
0 | 17 | The existence of a public exploit is NOT mentioned on Vulners and Microsoft websites | |
0.7 | 15 | Denial of Service | |
0.8 | 14 | Windows component | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.5. Based on Microsoft data |
33. Memory Corruption - Microsoft Edge (CVE-2022-3196) - Medium [394]
Description: Chromium: CVE-2022-3196
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned on Vulners, Microsoft and AttackerKB websites | |
0 | 17 | The existence of a public exploit is NOT mentioned on Vulners and Microsoft websites | |
0.6 | 15 | Memory Corruption | |
0.8 | 14 | Web browser | |
0.9 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 8.8. Based on Vulners data |
MS PT Extended: CVE-2022-3196 was published before October 2022 Patch Tuesday from 2022-09-14 to 2022-10-10
34. Memory Corruption - Microsoft Edge (CVE-2022-3197) - Medium [394]
Description: Chromium: CVE-2022-3197
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned on Vulners, Microsoft and AttackerKB websites | |
0 | 17 | The existence of a public exploit is NOT mentioned on Vulners and Microsoft websites | |
0.6 | 15 | Memory Corruption | |
0.8 | 14 | Web browser | |
0.9 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 8.8. Based on Vulners data |
MS PT Extended: CVE-2022-3197 was published before October 2022 Patch Tuesday from 2022-09-14 to 2022-10-10
35. Memory Corruption - Microsoft Edge (CVE-2022-3198) - Medium [394]
Description: Chromium: CVE-2022-3198
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned on Vulners, Microsoft and AttackerKB websites | |
0 | 17 | The existence of a public exploit is NOT mentioned on Vulners and Microsoft websites | |
0.6 | 15 | Memory Corruption | |
0.8 | 14 | Web browser | |
0.9 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 8.8. Based on Vulners data |
MS PT Extended: CVE-2022-3198 was published before October 2022 Patch Tuesday from 2022-09-14 to 2022-10-10
36. Memory Corruption - Microsoft Edge (CVE-2022-3199) - Medium [394]
Description: Chromium: CVE-2022-3199
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned on Vulners, Microsoft and AttackerKB websites | |
0 | 17 | The existence of a public exploit is NOT mentioned on Vulners and Microsoft websites | |
0.6 | 15 | Memory Corruption | |
0.8 | 14 | Web browser | |
0.9 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 8.8. Based on Vulners data |
MS PT Extended: CVE-2022-3199 was published before October 2022 Patch Tuesday from 2022-09-14 to 2022-10-10
37. Memory Corruption - Microsoft Edge (CVE-2022-3200) - Medium [394]
Description: Chromium: CVE-2022-3200 Heap
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned on Vulners, Microsoft and AttackerKB websites | |
0 | 17 | The existence of a public exploit is NOT mentioned on Vulners and Microsoft websites | |
0.6 | 15 | Memory Corruption | |
0.8 | 14 | Web browser | |
0.9 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 8.8. Based on Vulners data |
MS PT Extended: CVE-2022-3200 was published before October 2022 Patch Tuesday from 2022-09-14 to 2022-10-10
38. Elevation of Privilege - Active Directory (CVE-2022-37976) - Medium [393]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned on Vulners, Microsoft and AttackerKB websites | |
0 | 17 | The existence of a public exploit is NOT mentioned on Vulners and Microsoft websites | |
0.5 | 15 | Elevation of Privilege | |
0.9 | 14 | Active Directory is a directory service developed by Microsoft for Windows domain networks | |
0.9 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 8.8. Based on Microsoft data |
qualys: CVE-2022-37976 | Active Directory Certificate Services Elevation of Privilege (EoP) Vulnerability This vulnerability has a CVSSv3.1 score of 8.8/10. A malicious DCOM client could coerce a DCOM server to authenticate to it through the Active Directory Certificate Service (ADCS) and use the credential to launch a cross-protocol attack. An attacker who successfully exploited this vulnerability could gain domain administrator privileges. Exploitability Assessment: Exploitation Less Likely
qualys: CVE-2022-37976 | Active Directory Certificate Services Elevation of Privilege (EoP) Vulnerability This vulnerability has a CVSSv3.1 score of 8.8/10. Exploitability Assessment: Exploitation Less Likely GitHub Link for CVE-2022-37976 Script
qualys: Write-Host "ADCS found running. LegacyAuthenticationLevel is set to 5. Mitigation for CVE-2022-37976 has been applied as per MSRC guidelines. "
qualys: CVE-2022-37976 | Active Directory Certificate Services Elevation of Privilege (EoP) Vulnerability This vulnerability has a CVSSv3.1 score of 8.8/10. Policy Compliance Control IDs (CIDs): 4079 Status of the ‘Active Directory Certificate Service’ 14916 Status of Windows Services 24842 Status of the ‘LegacyAuthenticationLevel’ setting Exploitability Assessment: Exploitation Less Likely
tenable: CVE-2022-37976 is an EoP vulnerability affecting Active Directory Certificate Services. According to the advisory, a malicious Distributed Component Object Model (DCOM) client could be used to entice a DCOM server to authenticate to the client, allowing an attacker to perform a cross-protocol attack and gain domain administrator privileges. While Microsoft rates this as “Exploitation Less Likely,” ransomware groups often seek out vulnerabilities and misconfigurations in Active Directory to leverage for spreading malicious payloads across an organization's network. As highlighted in Tenable’s Ransomware Ecosystem report, Active Directory plays a pivotal role in ransomware attacks.
39. Denial of Service - Microsoft Local Security Authority Server (CVE-2022-37977) - Medium [387]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned on Vulners, Microsoft and AttackerKB websites | |
0 | 17 | The existence of a public exploit is NOT mentioned on Vulners and Microsoft websites | |
0.7 | 15 | Denial of Service | |
0.8 | 14 | LSASS, the Windows Local Security Authority Server process, handles Windows security mechanisms | |
0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 6.5. Based on Microsoft data |
40. Elevation of Privilege - Windows Kernel (CVE-2022-37988) - Medium [379]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned on Vulners, Microsoft and AttackerKB websites | |
0 | 17 | The existence of a public exploit is NOT mentioned on Vulners and Microsoft websites | |
0.5 | 15 | Elevation of Privilege | |
0.9 | 14 | Windows Kernel | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
tenable: CVE-2022-37988, CVE-2022-37990, CVE-2022-37991, CVE-2022-37995, CVE-2022-38022, CVE-2022-38037, CVE-2022-38038 and CVE-2022-38039 are EoP vulnerabilities in the Windows Kernel. With the exception of CVE-2022-38022, all the CVEs received CVSSv3 scores of 7.8 and could allow an attacker to elevate their privileges to SYSTEM. CVE-2022-38022 was scored CVSSv3 of 2.5 and would only allow an attacker to delete empty folders as SYSTEM. The attacker would not be able to view or edit files, nor delete folders that were not empty.
41. Elevation of Privilege - Windows Kernel (CVE-2022-37990) - Medium [379]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned on Vulners, Microsoft and AttackerKB websites | |
0 | 17 | The existence of a public exploit is NOT mentioned on Vulners and Microsoft websites | |
0.5 | 15 | Elevation of Privilege | |
0.9 | 14 | Windows Kernel | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
tenable: CVE-2022-37988, CVE-2022-37990, CVE-2022-37991, CVE-2022-37995, CVE-2022-38022, CVE-2022-38037, CVE-2022-38038 and CVE-2022-38039 are EoP vulnerabilities in the Windows Kernel. With the exception of CVE-2022-38022, all the CVEs received CVSSv3 scores of 7.8 and could allow an attacker to elevate their privileges to SYSTEM. CVE-2022-38022 was scored CVSSv3 of 2.5 and would only allow an attacker to delete empty folders as SYSTEM. The attacker would not be able to view or edit files, nor delete folders that were not empty.
42. Elevation of Privilege - Windows Kernel (CVE-2022-37991) - Medium [379]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned on Vulners, Microsoft and AttackerKB websites | |
0 | 17 | The existence of a public exploit is NOT mentioned on Vulners and Microsoft websites | |
0.5 | 15 | Elevation of Privilege | |
0.9 | 14 | Windows Kernel | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
tenable: CVE-2022-37988, CVE-2022-37990, CVE-2022-37991, CVE-2022-37995, CVE-2022-38022, CVE-2022-38037, CVE-2022-38038 and CVE-2022-38039 are EoP vulnerabilities in the Windows Kernel. With the exception of CVE-2022-38022, all the CVEs received CVSSv3 scores of 7.8 and could allow an attacker to elevate their privileges to SYSTEM. CVE-2022-38022 was scored CVSSv3 of 2.5 and would only allow an attacker to delete empty folders as SYSTEM. The attacker would not be able to view or edit files, nor delete folders that were not empty.
43. Elevation of Privilege - Windows Kernel (CVE-2022-37995) - Medium [379]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned on Vulners, Microsoft and AttackerKB websites | |
0 | 17 | The existence of a public exploit is NOT mentioned on Vulners and Microsoft websites | |
0.5 | 15 | Elevation of Privilege | |
0.9 | 14 | Windows Kernel | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
tenable: CVE-2022-37988, CVE-2022-37990, CVE-2022-37991, CVE-2022-37995, CVE-2022-38022, CVE-2022-38037, CVE-2022-38038 and CVE-2022-38039 are EoP vulnerabilities in the Windows Kernel. With the exception of CVE-2022-38022, all the CVEs received CVSSv3 scores of 7.8 and could allow an attacker to elevate their privileges to SYSTEM. CVE-2022-38022 was scored CVSSv3 of 2.5 and would only allow an attacker to delete empty folders as SYSTEM. The attacker would not be able to view or edit files, nor delete folders that were not empty.
44. Elevation of Privilege - Windows Kernel (CVE-2022-38003) - Medium [379]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned on Vulners, Microsoft and AttackerKB websites | |
0 | 17 | The existence of a public exploit is NOT mentioned on Vulners and Microsoft websites | |
0.5 | 15 | Elevation of Privilege | |
0.9 | 14 | Windows Kernel | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
45. Elevation of Privilege - Windows Kernel (CVE-2022-38037) - Medium [379]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned on Vulners, Microsoft and AttackerKB websites | |
0 | 17 | The existence of a public exploit is NOT mentioned on Vulners and Microsoft websites | |
0.5 | 15 | Elevation of Privilege | |
0.9 | 14 | Windows Kernel | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
tenable: CVE-2022-37988, CVE-2022-37990, CVE-2022-37991, CVE-2022-37995, CVE-2022-38022, CVE-2022-38037, CVE-2022-38038 and CVE-2022-38039 are EoP vulnerabilities in the Windows Kernel. With the exception of CVE-2022-38022, all the CVEs received CVSSv3 scores of 7.8 and could allow an attacker to elevate their privileges to SYSTEM. CVE-2022-38022 was scored CVSSv3 of 2.5 and would only allow an attacker to delete empty folders as SYSTEM. The attacker would not be able to view or edit files, nor delete folders that were not empty.
46. Elevation of Privilege - Windows Kernel (CVE-2022-38038) - Medium [379]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned on Vulners, Microsoft and AttackerKB websites | |
0 | 17 | The existence of a public exploit is NOT mentioned on Vulners and Microsoft websites | |
0.5 | 15 | Elevation of Privilege | |
0.9 | 14 | Windows Kernel | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
tenable: CVE-2022-37988, CVE-2022-37990, CVE-2022-37991, CVE-2022-37995, CVE-2022-38022, CVE-2022-38037, CVE-2022-38038 and CVE-2022-38039 are EoP vulnerabilities in the Windows Kernel. With the exception of CVE-2022-38022, all the CVEs received CVSSv3 scores of 7.8 and could allow an attacker to elevate their privileges to SYSTEM. CVE-2022-38022 was scored CVSSv3 of 2.5 and would only allow an attacker to delete empty folders as SYSTEM. The attacker would not be able to view or edit files, nor delete folders that were not empty.
47. Elevation of Privilege - Windows Kernel (CVE-2022-38039) - Medium [379]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned on Vulners, Microsoft and AttackerKB websites | |
0 | 17 | The existence of a public exploit is NOT mentioned on Vulners and Microsoft websites | |
0.5 | 15 | Elevation of Privilege | |
0.9 | 14 | Windows Kernel | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
tenable: CVE-2022-37988, CVE-2022-37990, CVE-2022-37991, CVE-2022-37995, CVE-2022-38022, CVE-2022-38037, CVE-2022-38038 and CVE-2022-38039 are EoP vulnerabilities in the Windows Kernel. With the exception of CVE-2022-38022, all the CVEs received CVSSv3 scores of 7.8 and could allow an attacker to elevate their privileges to SYSTEM. CVE-2022-38022 was scored CVSSv3 of 2.5 and would only allow an attacker to delete empty folders as SYSTEM. The attacker would not be able to view or edit files, nor delete folders that were not empty.
48. Elevation of Privilege - Windows Win32k (CVE-2022-37986) - Medium [379]
Description: Windows
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned on Vulners, Microsoft and AttackerKB websites | |
0 | 17 | The existence of a public exploit is NOT mentioned on Vulners and Microsoft websites | |
0.5 | 15 | Elevation of Privilege | |
0.9 | 14 | Windows kernel-mode driver | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
49. Elevation of Privilege - Windows Win32k (CVE-2022-38050) - Medium [379]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned on Vulners, Microsoft and AttackerKB websites | |
0 | 17 | The existence of a public exploit is NOT mentioned on Vulners and Microsoft websites | |
0.5 | 15 | Elevation of Privilege | |
0.9 | 14 | Windows kernel-mode driver | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
50. Spoofing - Microsoft Endpoint Configuration Manager (CVE-2022-37972) - Medium [375]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned on Vulners, Microsoft and AttackerKB websites | |
0.4 | 17 | The existence of a public exploit is mentioned in Microsoft CVSS Temporal Score (Proof-of-Concept Exploit) | |
0.4 | 15 | Spoofing | |
0.5 | 14 | Microsoft Endpoint Configuration Manager | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.5. Based on Microsoft data |
MS PT Extended: CVE-2022-37972 was published before October 2022 Patch Tuesday from 2022-09-14 to 2022-10-10
51. Denial of Service - Windows Point-to-Point Tunneling Protocol (CVE-2022-37965) - Medium [374]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned on Vulners, Microsoft and AttackerKB websites | |
0 | 17 | The existence of a public exploit is NOT mentioned on Vulners and Microsoft websites | |
0.7 | 15 | Denial of Service | |
0.8 | 14 | Windows component | |
0.6 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 5.9. Based on Microsoft data |
52. Elevation of Privilege - Windows Local Security Authority (LSA) (CVE-2022-38016) - Medium [374]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned on Vulners, Microsoft and AttackerKB websites | |
0 | 17 | The existence of a public exploit is NOT mentioned on Vulners and Microsoft websites | |
0.5 | 15 | Elevation of Privilege | |
0.8 | 14 | Windows component | |
0.9 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 8.8. Based on Microsoft data |
53. Elevation of Privilege - Windows Server Service (CVE-2022-38045) - Medium [374]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned on Vulners, Microsoft and AttackerKB websites | |
0 | 17 | The existence of a public exploit is NOT mentioned on Vulners and Microsoft websites | |
0.5 | 15 | Elevation of Privilege | |
0.8 | 14 | Windows component | |
0.9 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 8.8. Based on Microsoft data |
54. Remote Code Execution - Visual Studio Code (CVE-2022-41034) - Medium [367]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned on Vulners, Microsoft and AttackerKB websites | |
0 | 17 | The existence of a public exploit is NOT mentioned on Vulners and Microsoft websites | |
1.0 | 15 | Remote Code Execution | |
0.3 | 14 | Integrated development environment | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
55. Elevation of Privilege - Active Directory (CVE-2022-38042) - Medium [366]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned on Vulners, Microsoft and AttackerKB websites | |
0 | 17 | The existence of a public exploit is NOT mentioned on Vulners and Microsoft websites | |
0.5 | 15 | Elevation of Privilege | |
0.9 | 14 | Active Directory is a directory service developed by Microsoft for Windows domain networks | |
0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.1. Based on Microsoft data |
56. Elevation of Privilege - Microsoft DWM Core Library (CVE-2022-37983) - Medium [360]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned on Vulners, Microsoft and AttackerKB websites | |
0 | 17 | The existence of a public exploit is NOT mentioned on Vulners and Microsoft websites | |
0.5 | 15 | Elevation of Privilege | |
0.8 | 14 | Windows component | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
57. Elevation of Privilege - Windows Client Server Run-time Subsystem (CSRSS) (CVE-2022-37987) - Medium [360]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned on Vulners, Microsoft and AttackerKB websites | |
0 | 17 | The existence of a public exploit is NOT mentioned on Vulners and Microsoft websites | |
0.5 | 15 | Elevation of Privilege | |
0.8 | 14 | Windows component | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
zdi: CVE-2022-37987/CVE-2022-37989 – Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability. These bugs were reported by ZDI Sr. Vulnerability Researcher Simon Zuckerbraun and pertain to the behavior of the CSRSS process when it searches for dependencies. CVS-2022-37989 is a failed patch for CVE-2022-22047, an earlier bug that saw some in-the-wild exploitation. This vulnerability results from CSRSS being too lenient in accepting input from untrusted processes. By contrast, CVE-2022-37987 is a new attack that works by deceiving CSRSS into loading dependency information from an unsecured location. We’ll publish additional details about these bugs on our blog in the future.
58. Elevation of Privilege - Windows Client Server Run-time Subsystem (CSRSS) (CVE-2022-37989) - Medium [360]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned on Vulners, Microsoft and AttackerKB websites | |
0 | 17 | The existence of a public exploit is NOT mentioned on Vulners and Microsoft websites | |
0.5 | 15 | Elevation of Privilege | |
0.8 | 14 | Windows component | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
zdi: CVE-2022-37987/CVE-2022-37989 – Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability. These bugs were reported by ZDI Sr. Vulnerability Researcher Simon Zuckerbraun and pertain to the behavior of the CSRSS process when it searches for dependencies. CVS-2022-37989 is a failed patch for CVE-2022-22047, an earlier bug that saw some in-the-wild exploitation. This vulnerability results from CSRSS being too lenient in accepting input from untrusted processes. By contrast, CVE-2022-37987 is a new attack that works by deceiving CSRSS into loading dependency information from an unsecured location. We’ll publish additional details about these bugs on our blog in the future.
59. Elevation of Privilege - Windows DHCP Client (CVE-2022-37980) - Medium [360]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned on Vulners, Microsoft and AttackerKB websites | |
0 | 17 | The existence of a public exploit is NOT mentioned on Vulners and Microsoft websites | |
0.5 | 15 | Elevation of Privilege | |
0.8 | 14 | Windows component | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
60. Elevation of Privilege - Windows DWM Core Library (CVE-2022-37970) - Medium [360]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned on Vulners, Microsoft and AttackerKB websites | |
0 | 17 | The existence of a public exploit is NOT mentioned on Vulners and Microsoft websites | |
0.5 | 15 | Elevation of Privilege | |
0.8 | 14 | Windows component | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
61. Elevation of Privilege - Windows Graphics Component (CVE-2022-37997) - Medium [360]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned on Vulners, Microsoft and AttackerKB websites | |
0 | 17 | The existence of a public exploit is NOT mentioned on Vulners and Microsoft websites | |
0.5 | 15 | Elevation of Privilege | |
0.8 | 14 | Windows component | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
62. Elevation of Privilege - Windows Group Policy (CVE-2022-37975) - Medium [360]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned on Vulners, Microsoft and AttackerKB websites | |
0 | 17 | The existence of a public exploit is NOT mentioned on Vulners and Microsoft websites | |
0.5 | 15 | Elevation of Privilege | |
0.8 | 14 | Windows component | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
63. Elevation of Privilege - Windows Group Policy Preference Client (CVE-2022-37993) - Medium [360]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned on Vulners, Microsoft and AttackerKB websites | |
0 | 17 | The existence of a public exploit is NOT mentioned on Vulners and Microsoft websites | |
0.5 | 15 | Elevation of Privilege | |
0.8 | 14 | Windows component | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
64. Elevation of Privilege - Windows Group Policy Preference Client (CVE-2022-37994) - Medium [360]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned on Vulners, Microsoft and AttackerKB websites | |
0 | 17 | The existence of a public exploit is NOT mentioned on Vulners and Microsoft websites | |
0.5 | 15 | Elevation of Privilege | |
0.8 | 14 | Windows component | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
65. Elevation of Privilege - Windows Group Policy Preference Client (CVE-2022-37999) - Medium [360]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned on Vulners, Microsoft and AttackerKB websites | |
0 | 17 | The existence of a public exploit is NOT mentioned on Vulners and Microsoft websites | |
0.5 | 15 | Elevation of Privilege | |
0.8 | 14 | Windows component | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
66. Elevation of Privilege - Windows Print Spooler (CVE-2022-38028) - Medium [360]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned on Vulners, Microsoft and AttackerKB websites | |
0 | 17 | The existence of a public exploit is NOT mentioned on Vulners and Microsoft websites | |
0.5 | 15 | Elevation of Privilege | |
0.8 | 14 | Windows component | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
tenable: CVE-2022-38028 is an EoP vulnerability in Windows Print Spooler components that received a CVSSv3 score of 7.8 and was rated “Exploitation More Likely” according to Microsoft’s Exploitability Index. Exploitation would allow an attacker to gain SYSTEM privileges. The flaw was disclosed to Microsoft by the National Security Agency. This marks the third EoP vulnerability in Windows Print Spooler credited to the NSA this year, following CVE-2022-29104 and CVE-2022-30138 in May.
67. Elevation of Privilege - Windows WLAN Service (CVE-2022-37984) - Medium [360]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned on Vulners, Microsoft and AttackerKB websites | |
0 | 17 | The existence of a public exploit is NOT mentioned on Vulners and Microsoft websites | |
0.5 | 15 | Elevation of Privilege | |
0.8 | 14 | Windows component | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
68. Remote Code Execution - Microsoft Edge (CVE-2022-3373) - Medium [354]
Description: Chromium: CVE-2022-3373
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned on Vulners, Microsoft and AttackerKB websites | |
0 | 17 | The existence of a public exploit is NOT mentioned on Vulners and Microsoft websites | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | Web browser | |
0.0 | 10 | Vulnerability Severity Rating based on CVSS Base Score is NA. No data. |
MS PT Extended: CVE-2022-3373 was published before October 2022 Patch Tuesday from 2022-09-14 to 2022-10-10
69. Denial of Service - Windows Event Logging Service (CVE-2022-37981) - Medium [347]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned on Vulners, Microsoft and AttackerKB websites | |
0 | 17 | The existence of a public exploit is NOT mentioned on Vulners and Microsoft websites | |
0.7 | 15 | Denial of Service | |
0.8 | 14 | Windows component | |
0.4 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 4.3. Based on Microsoft data |
70. Elevation of Privilege - Connected User Experiences and Telemetry (CVE-2022-38021) - Medium [347]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned on Vulners, Microsoft and AttackerKB websites | |
0 | 17 | The existence of a public exploit is NOT mentioned on Vulners and Microsoft websites | |
0.5 | 15 | Elevation of Privilege | |
0.8 | 14 | Windows component | |
0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.0. Based on Microsoft data |
71. Elevation of Privilege - Microsoft Windows (CVE-2022-37971) - Medium [347]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned on Vulners, Microsoft and AttackerKB websites | |
0 | 17 | The existence of a public exploit is NOT mentioned on Vulners and Microsoft websites | |
0.5 | 15 | Elevation of Privilege | |
0.8 | 14 | Windows component | |
0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.1. Based on Microsoft data |
72. Elevation of Privilege - Windows ALPC (CVE-2022-38029) - Medium [347]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned on Vulners, Microsoft and AttackerKB websites | |
0 | 17 | The existence of a public exploit is NOT mentioned on Vulners and Microsoft websites | |
0.5 | 15 | Elevation of Privilege | |
0.8 | 14 | Windows component | |
0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.0. Based on Microsoft data |
73. Elevation of Privilege - Windows Storage (CVE-2022-38027) - Medium [347]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned on Vulners, Microsoft and AttackerKB websites | |
0 | 17 | The existence of a public exploit is NOT mentioned on Vulners and Microsoft websites | |
0.5 | 15 | Elevation of Privilege | |
0.8 | 14 | Windows component | |
0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.0. Based on Microsoft data |
74. Spoofing - Windows NTLM (CVE-2022-35770) - Medium [345]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned on Vulners, Microsoft and AttackerKB websites | |
0 | 17 | The existence of a public exploit is NOT mentioned on Vulners and Microsoft websites | |
0.4 | 15 | Spoofing | |
0.9 | 14 | A suite of security protocols to authenticate users' identity and protect the integrity and confidentiality of their activity | |
0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 6.5. Based on Microsoft data |
75. Denial of Service - Internet Key Exchange (IKE) Protocol (CVE-2022-38036) - Medium [344]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned on Vulners, Microsoft and AttackerKB websites | |
0 | 17 | The existence of a public exploit is NOT mentioned on Vulners and Microsoft websites | |
0.7 | 15 | Denial of Service | |
0.5 | 14 | Internet Key Exchange (IKE) Protocol | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.5. Based on Microsoft data |
76. Spoofing - Windows CryptoAPI (CVE-2022-34689) - Medium [340]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned on Vulners, Microsoft and AttackerKB websites | |
0 | 17 | The existence of a public exploit is NOT mentioned on Vulners and Microsoft websites | |
0.4 | 15 | Spoofing | |
0.8 | 14 | Windows component | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.5. Based on Microsoft data |
qualys: CVE-2022-34689 | Windows CryptoAPI Spoofing Vulnerability This vulnerability has a CVSSv3.1 score of 7.5/10. An attacker could manipulate an existing public x.509 certificate to spoof their identify and perform actions such as authentication or code signing as the targeted certificate. The technical details are unknown, and an exploit is not publicly available. The impact is known to affect integrity. Exploitability Assessment: Exploitation More Likely
77. Security Feature Bypass - Microsoft Edge (CVE-2022-3308) - Medium [333]
Description: Chromium: CVE-2022-3308
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned on Vulners, Microsoft and AttackerKB websites | |
0 | 17 | The existence of a public exploit is NOT mentioned on Vulners and Microsoft websites | |
0.9 | 15 | Security Feature Bypass | |
0.8 | 14 | Web browser | |
0.0 | 10 | Vulnerability Severity Rating based on CVSS Base Score is NA. No data. |
MS PT Extended: CVE-2022-3308 was published before October 2022 Patch Tuesday from 2022-09-14 to 2022-10-10
78. Security Feature Bypass - Microsoft Edge (CVE-2022-3310) - Medium [333]
Description: Chromium: CVE-2022-3310
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned on Vulners, Microsoft and AttackerKB websites | |
0 | 17 | The existence of a public exploit is NOT mentioned on Vulners and Microsoft websites | |
0.9 | 15 | Security Feature Bypass | |
0.8 | 14 | Web browser | |
0.0 | 10 | Vulnerability Severity Rating based on CVSS Base Score is NA. No data. |
MS PT Extended: CVE-2022-3310 was published before October 2022 Patch Tuesday from 2022-09-14 to 2022-10-10
79. Security Feature Bypass - Microsoft Edge (CVE-2022-3316) - Medium [333]
Description: Chromium: CVE-2022-3316
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned on Vulners, Microsoft and AttackerKB websites | |
0 | 17 | The existence of a public exploit is NOT mentioned on Vulners and Microsoft websites | |
0.9 | 15 | Security Feature Bypass | |
0.8 | 14 | Web browser | |
0.0 | 10 | Vulnerability Severity Rating based on CVSS Base Score is NA. No data. |
MS PT Extended: CVE-2022-3316 was published before October 2022 Patch Tuesday from 2022-09-14 to 2022-10-10
80. Security Feature Bypass - Microsoft Edge (CVE-2022-3317) - Medium [333]
Description: Chromium: CVE-2022-3317
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned on Vulners, Microsoft and AttackerKB websites | |
0 | 17 | The existence of a public exploit is NOT mentioned on Vulners and Microsoft websites | |
0.9 | 15 | Security Feature Bypass | |
0.8 | 14 | Web browser | |
0.0 | 10 | Vulnerability Severity Rating based on CVSS Base Score is NA. No data. |
MS PT Extended: CVE-2022-3317 was published before October 2022 Patch Tuesday from 2022-09-14 to 2022-10-10
81. Elevation of Privilege - Azure Arc-enabled Kubernetes cluster Connect (CVE-2022-37968) - Medium [331]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned on Vulners, Microsoft and AttackerKB websites | |
0 | 17 | The existence of a public exploit is NOT mentioned on Vulners and Microsoft websites | |
0.5 | 15 | Elevation of Privilege | |
0.5 | 14 | Azure Arc-enabled Kubernetes cluster Connect | |
1.0 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 10.0. Based on Microsoft data |
qualys: CVE-2022-37968 | Azure Arc-enabled Kubernetes cluster Connect Elevation of Privilege (EoP) Vulnerability This vulnerability has a CVSSv3.1 score of 10/10. Microsoft has identified a vulnerability affecting the cluster connect feature of Azure Arc-enabled Kubernetes clusters. This vulnerability could allow an unauthenticated user to elevate their privileges and potentially gain administrative control over the Kubernetes cluster. Additionally, because Azure Stack Edge allows customers to deploy Kubernetes workloads on their devices via Azure Arc, Azure Stack Edge devices are also vulnerable to this vulnerability. Customers using Azure Stack Edge must update to the 2209 release (software version 2.2.2088.5593). Release notes for the 2209 release of Azure Stack Edge can be found here: Azure Stack Edge 2209 release notes. Exploitability Assessment: Exploitation Less Likely
tenable: CVE-2022-37968 is an EoP vulnerability in Microsoft’s Azure Arc, affecting the cluster connect feature of Azure Arc-enabled Kubernetes clusters. With a CVSSv3 score of 10, the highest possible rating, an unauthenticated attacker could exploit this vulnerability in order to gain administrative privileges for a Kubernetes cluster. While updates have been released, users that do not have auto-upgrade enabled must take action to manually upgrade Azure Arc-enabled Kubernetes clusters. Microsoft’s security advisory provides additional information and steps to upgrade and how to check your current version. In July, Tenable disclosed a vulnerability in Azure Arc wherein passwords were being logged in plaintext. You can read more about the disclosure on the Tenable Techblog.
rapid7: Maxing out the CVSS base score with a 10.0 this month is CVE-2022-37968, an Elevation of Privilege vulnerability in the Azure Arc-enabled Kubernetes cluster Connect component. It’s unclear why Microsoft has assigned such a high score, given that an attacker would need to know the randomly generated external DNS endpoint for an Azure Arc-enabled Kubernetes cluster (arguably making the Attack Complexity “High”). That said, if this condition is met then an unauthenticated user could become a cluster admin and potentially gain control over the Kubernetes cluster. Users of Azure Arc and Azure Stack Edge should check whether auto-updates are turned on, and if not, upgrade manually as soon as possible.
zdi: CVE-2022-37968 – Azure Arc-enabled Kubernetes cluster Connect Elevation of Privilege Vulnerability. This vulnerability could allow an attacker to gain administrative control over Azure Arc-enabled Kubernetes clusters. Azure Stack Edge devices may also be impacted by this bug. To exploit this remotely, the attacker would need to know the randomly generated DNS endpoint for an Azure Arc-enabled Kubernetes cluster. Still, this bug receives the rare CVSS 10 rating – the highest severity rating the system allows. If you’re running these types of containers, make sure you either have auto-upgrade enabled or manually update to the latest version by running the appropriate commands in the Azure CLI.
82. Information Disclosure - Windows Mixed Reality Developer Tools (CVE-2022-37974) - Medium [327]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned on Vulners, Microsoft and AttackerKB websites | |
0 | 17 | The existence of a public exploit is NOT mentioned on Vulners and Microsoft websites | |
0.4 | 15 | Information Disclosure | |
0.8 | 14 | Windows component | |
0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 6.5. Based on Microsoft data |
83. Elevation of Privilege - Windows Hyper-V (CVE-2022-37979) - Medium [322]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned on Vulners, Microsoft and AttackerKB websites | |
0 | 17 | The existence of a public exploit is NOT mentioned on Vulners and Microsoft websites | |
0.5 | 15 | Elevation of Privilege | |
0.6 | 14 | Hardware virtualization component of the client editions of Windows NT | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
84. Information Disclosure - Windows DHCP Client (CVE-2022-38026) - Medium [313]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned on Vulners, Microsoft and AttackerKB websites | |
0 | 17 | The existence of a public exploit is NOT mentioned on Vulners and Microsoft websites | |
0.4 | 15 | Information Disclosure | |
0.8 | 14 | Windows component | |
0.6 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 5.5. Based on Microsoft data |
85. Information Disclosure - Windows Distributed File System (DFS) (CVE-2022-38025) - Medium [313]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned on Vulners, Microsoft and AttackerKB websites | |
0 | 17 | The existence of a public exploit is NOT mentioned on Vulners and Microsoft websites | |
0.4 | 15 | Information Disclosure | |
0.8 | 14 | Windows component | |
0.6 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 5.5. Based on Microsoft data |
86. Information Disclosure - Windows Graphics Component (CVE-2022-37985) - Medium [313]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned on Vulners, Microsoft and AttackerKB websites | |
0 | 17 | The existence of a public exploit is NOT mentioned on Vulners and Microsoft websites | |
0.4 | 15 | Information Disclosure | |
0.8 | 14 | Windows component | |
0.6 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 5.5. Based on Microsoft data |
87. Information Disclosure - Windows Kernel Memory (CVE-2022-37996) - Medium [313]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned on Vulners, Microsoft and AttackerKB websites | |
0 | 17 | The existence of a public exploit is NOT mentioned on Vulners and Microsoft websites | |
0.4 | 15 | Information Disclosure | |
0.8 | 14 | Windows component | |
0.6 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 5.5. Based on Microsoft data |
88. Information Disclosure - Windows Security Support Provider Interface (CVE-2022-38043) - Medium [313]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned on Vulners, Microsoft and AttackerKB websites | |
0 | 17 | The existence of a public exploit is NOT mentioned on Vulners and Microsoft websites | |
0.4 | 15 | Information Disclosure | |
0.8 | 14 | Windows component | |
0.6 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 5.5. Based on Microsoft data |
89. Elevation of Privilege - Windows Kernel (CVE-2022-38022) - Medium [312]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned on Vulners, Microsoft and AttackerKB websites | |
0 | 17 | The existence of a public exploit is NOT mentioned on Vulners and Microsoft websites | |
0.5 | 15 | Elevation of Privilege | |
0.9 | 14 | Windows Kernel | |
0.3 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 3.3. Based on Microsoft data |
tenable: CVE-2022-37988, CVE-2022-37990, CVE-2022-37991, CVE-2022-37995, CVE-2022-38022, CVE-2022-38037, CVE-2022-38038 and CVE-2022-38039 are EoP vulnerabilities in the Windows Kernel. With the exception of CVE-2022-38022, all the CVEs received CVSSv3 scores of 7.8 and could allow an attacker to elevate their privileges to SYSTEM. CVE-2022-38022 was scored CVSSv3 of 2.5 and would only allow an attacker to delete empty folders as SYSTEM. The attacker would not be able to view or edit files, nor delete folders that were not empty.
90. Elevation of Privilege - Windows Workstation Service (CVE-2022-38034) - Medium [306]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned on Vulners, Microsoft and AttackerKB websites | |
0 | 17 | The existence of a public exploit is NOT mentioned on Vulners and Microsoft websites | |
0.5 | 15 | Elevation of Privilege | |
0.8 | 14 | Windows component | |
0.4 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 4.3. Based on Microsoft data |
91. Elevation of Privilege - NuGet Client (CVE-2022-41032) - Medium [304]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned on Vulners, Microsoft and AttackerKB websites | |
0 | 17 | The existence of a public exploit is NOT mentioned on Vulners and Microsoft websites | |
0.5 | 15 | Elevation of Privilege | |
0.5 | 14 | NuGet Client | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
92. Elevation of Privilege - StorSimple 8000 Series (CVE-2022-38017) - Medium [290]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned on Vulners, Microsoft and AttackerKB websites | |
0 | 17 | The existence of a public exploit is NOT mentioned on Vulners and Microsoft websites | |
0.5 | 15 | Elevation of Privilege | |
0.5 | 14 | StorSimple 8000 Series | |
0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 6.8. Based on Microsoft data |
93. Spoofing - Microsoft Office (CVE-2022-38001) - Medium [289]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned on Vulners, Microsoft and AttackerKB websites | |
0 | 17 | The existence of a public exploit is NOT mentioned on Vulners and Microsoft websites | |
0.4 | 15 | Spoofing | |
0.6 | 14 | Microsoft Office | |
0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 6.5. Based on Microsoft data |
94. Information Disclosure - Windows USB Serial Driver (CVE-2022-38030) - Medium [286]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned on Vulners, Microsoft and AttackerKB websites | |
0 | 17 | The existence of a public exploit is NOT mentioned on Vulners and Microsoft websites | |
0.4 | 15 | Information Disclosure | |
0.8 | 14 | Windows component | |
0.4 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 4.3. Based on Microsoft data |
95. Memory Corruption - Microsoft Edge (CVE-2022-3304) - Medium [272]
Description: Chromium: CVE-2022-3304
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned on Vulners, Microsoft and AttackerKB websites | |
0 | 17 | The existence of a public exploit is NOT mentioned on Vulners and Microsoft websites | |
0.6 | 15 | Memory Corruption | |
0.8 | 14 | Web browser | |
0.0 | 10 | Vulnerability Severity Rating based on CVSS Base Score is NA. No data. |
MS PT Extended: CVE-2022-3304 was published before October 2022 Patch Tuesday from 2022-09-14 to 2022-10-10
96. Memory Corruption - Microsoft Edge (CVE-2022-3307) - Medium [272]
Description: Chromium: CVE-2022-3307
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned on Vulners, Microsoft and AttackerKB websites | |
0 | 17 | The existence of a public exploit is NOT mentioned on Vulners and Microsoft websites | |
0.6 | 15 | Memory Corruption | |
0.8 | 14 | Web browser | |
0.0 | 10 | Vulnerability Severity Rating based on CVSS Base Score is NA. No data. |
MS PT Extended: CVE-2022-3307 was published before October 2022 Patch Tuesday from 2022-09-14 to 2022-10-10
97. Memory Corruption - Microsoft Edge (CVE-2022-3311) - Medium [272]
Description: Chromium: CVE-2022-3311
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned on Vulners, Microsoft and AttackerKB websites | |
0 | 17 | The existence of a public exploit is NOT mentioned on Vulners and Microsoft websites | |
0.6 | 15 | Memory Corruption | |
0.8 | 14 | Web browser | |
0.0 | 10 | Vulnerability Severity Rating based on CVSS Base Score is NA. No data. |
MS PT Extended: CVE-2022-3311 was published before October 2022 Patch Tuesday from 2022-09-14 to 2022-10-10
98. Memory Corruption - Microsoft Edge (CVE-2022-3370) - Medium [272]
Description: Chromium: CVE-2022-3370
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned on Vulners, Microsoft and AttackerKB websites | |
0 | 17 | The existence of a public exploit is NOT mentioned on Vulners and Microsoft websites | |
0.6 | 15 | Memory Corruption | |
0.8 | 14 | Web browser | |
0.0 | 10 | Vulnerability Severity Rating based on CVSS Base Score is NA. No data. |
MS PT Extended: CVE-2022-3370 was published before October 2022 Patch Tuesday from 2022-09-14 to 2022-10-10
99. Elevation of Privilege - Visual Studio Code (CVE-2022-41083) - Medium [266]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned on Vulners, Microsoft and AttackerKB websites | |
0 | 17 | The existence of a public exploit is NOT mentioned on Vulners and Microsoft websites | |
0.5 | 15 | Elevation of Privilege | |
0.3 | 14 | Integrated development environment | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
100. Information Disclosure - Web Account Manager (CVE-2022-38046) - Medium [256]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned on Vulners, Microsoft and AttackerKB websites | |
0 | 17 | The existence of a public exploit is NOT mentioned on Vulners and Microsoft websites | |
0.4 | 15 | Information Disclosure | |
0.5 | 14 | Web Account Manager | |
0.6 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 6.2. Based on Microsoft data |
101. Spoofing - Service Fabric Explorer (CVE-2022-35829) - Medium [256]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned on Vulners, Microsoft and AttackerKB websites | |
0 | 17 | The existence of a public exploit is NOT mentioned on Vulners and Microsoft websites | |
0.4 | 15 | Spoofing | |
0.5 | 14 | Service Fabric Explorer | |
0.6 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 6.2. Based on Microsoft data |
102. Information Disclosure - Microsoft Office (CVE-2022-41043) - Medium [235]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned on Vulners, Microsoft and AttackerKB websites | |
0 | 17 | The existence of a public exploit is NOT mentioned on Vulners and Microsoft websites | |
0.4 | 15 | Information Disclosure | |
0.6 | 14 | Microsoft Office | |
0.3 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 3.3. Based on Microsoft data |
qualys: Microsoft Patch Tuesday Summary Microsoft has fixed 84 vulnerabilities (aka flaws) in the October 2022 update, including 13 vulnerabilities classified as Critical as they allow Elevation of Privilege (EoP), Remote Code Execution (RCE), and Spoofing. This month’s Patch Tuesday fixes two (2) zero-day vulnerabilities, with one (1) actively exploited* in attacks (CVE-2022-41033*, CVE-2022-41043). Earlier this month, on October 3 and 6, 2022, Microsoft also released a total of 12 Microsoft Edge (Chromium-Based) updates, one (1) addressing Spoofing (CVE-2022-41035) ranked Moderate. Microsoft has fixed several flaws in its software, including Denial of Service (DoS), Elevation of Privilege (EoP), Information Disclosure, Remote Code Execution (RCE), Security Feature Bypass, Spoofing, Microsoft Edge (Chromium-based), and Microsoft Edge (Chromium-based) / Spoofing.
qualys: CVE-2022-41043| Microsoft Office Information Disclosure Vulnerability This vulnerability has a CVSSv3.1 score of 3.3/10. The type of information that could be disclosed if an attacker successfully exploited this vulnerability is user tokens and other potentially sensitive information. The impact of exploitation is loss of confidentiality. This vulnerability demands that the victim is doing some kind of user interaction. As of the time of publishing, neither technical details nor an exploit is publicly available. Exploitability Assessment: Exploitation Less Likely
tenable: CVE-2022-41043 is an information disclosure vulnerability affecting Microsoft Office for Mac. While exploitation requires local access to the host, this was the only publicly disclosed vulnerability patched this month. It is credited to Cody Thomas with SpecterOps.
rapid7: Microsoft did address two other zero-day vulnerabilities with today’s patches. CVE-2022-41033, an Elevation of Privilege vulnerability affecting the COM+ Event System Service in all supported versions of Windows, has been seen exploited in the wild. CVE-2022-41043 is an Information Disclosure vulnerability affecting Office for Mac that was publicly disclosed but not (yet) seen exploited in the wild.
103. Information Disclosure - Visual Studio Code (CVE-2022-41042) - Medium [232]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned on Vulners, Microsoft and AttackerKB websites | |
0 | 17 | The existence of a public exploit is NOT mentioned on Vulners and Microsoft websites | |
0.4 | 15 | Information Disclosure | |
0.3 | 14 | Integrated development environment | |
0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.4. Based on Microsoft data |
104. Unknown Vulnerability Type - Microsoft Edge (CVE-2022-3313) - Low [151]
Description: {'ms_cve_data_all': 'Chromium: CVE-2022-3313 Incorrect security UI in Full Screen. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.\n', 'nvd_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned on Vulners, Microsoft and AttackerKB websites | |
0 | 17 | The existence of a public exploit is NOT mentioned on Vulners and Microsoft websites | |
0 | 15 | Unknown Vulnerability Type | |
0.8 | 14 | Web browser | |
0.0 | 10 | Vulnerability Severity Rating based on CVSS Base Score is NA. No data. |
MS PT Extended: CVE-2022-3313 was published before October 2022 Patch Tuesday from 2022-09-14 to 2022-10-10
105. Unknown Vulnerability Type - Microsoft Edge (CVE-2022-3315) - Low [151]
Description: {'ms_cve_data_all': 'Chromium: CVE-2022-3315 Type confusion in Blink. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.\n', 'nvd_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned on Vulners, Microsoft and AttackerKB websites | |
0 | 17 | The existence of a public exploit is NOT mentioned on Vulners and Microsoft websites | |
0 | 15 | Unknown Vulnerability Type | |
0.8 | 14 | Web browser | |
0.0 | 10 | Vulnerability Severity Rating based on CVSS Base Score is NA. No data. |
MS PT Extended: CVE-2022-3315 was published before October 2022 Patch Tuesday from 2022-09-14 to 2022-10-10
MS PT Extended: CVE-2022-41082 was published before October 2022 Patch Tuesday from 2022-09-14 to 2022-10-10
qualys: Microsoft Exchange “ProxyNotShell” Zero-Days Not Yet Addressed (QID 50122) Unfortunately, Microsoft has not released security updates to address ProxyNotShell which includes two actively exploited zero-day vulnerabilities tracked as CVE-2022-41040 and CVE-2022-41082. Released: October 2022 Exchange Server Security Updates provides the following update: NOTE The October 2022 SUs do not contain fixes for the zero-day vulnerabilities reported publicly on September 29, 2022 (CVE-2022-41040 and CVE-2022-41082). Please see this blog post to apply mitigations for those vulnerabilities. We will release updates for CVE-2022-41040 and CVE-2022-41082 when they are ready. Ankit Malhotra, Manager, Signature Engineering suggests, “It’s worth noting that Microsoft has had to revise the mitigation for CVE-2022-41040 more than once, as the suggested URL rewrite Mitigation was bypassed multiple times. Organizations that reacted to the ProxyShell vulnerability should also pay close attention to this, taking their lessons learned on rapid remediation, as this vulnerability can potentially see increased exploitation.”
qualys: Qualys Threat Protection High-Rated Advisories Published between September 14 – October 12, 2022, Most Recent First Microsoft Patch Tuesday, October 2022 Edition: 84 Vulnerabilities patched including 12 Microsoft Edge (Chromium-Based), 2 Zero-days, and 13 Rated as CriticalZimbra Collaboration Suite Remote Code Execution Vulnerability (CVE-2022-41352)FortiGate and FortiProxy Authentication Bypass Vulnerability on Administrative Interface (HTTP/HTTPS) (CVE-2022-40684)Microsoft Exchange Server Zero-day Vulnerabilities (CVE-2022-41040 and CVE-2022-41082) (ProxyNotShell)Sophos Firewall Remote Code Execution Vulnerability (CVE-2022-3236)Zoho ManageEngine PAM360, Access Manager Plus, and Password Manager Pro Remote Code Execution Vulnerability (CVE-2022-35405)Trend Micro Patches Multiple Vulnerabilities in Apex One (On-Premise) Including One Zero-day (CVE-2022-40139)Cisco Patched Multiple Vulnerabilities in Multiple Products including NVIDIA Data Plane Development KitApple Patches Multiple Vulnerabilities in macOS Big Sur and macOS Monterey including One Zero-day (CVE-2022-32894)Microsoft Patches Vulnerabilities 79 including 16 Microsoft Edge (Chromium-Based); with 2 Zero-days and 5 Critical in Patch Tuesday, September 2022 Edition
qualys: Hans-Juergen Kreutzer says: October 13, 2022 at 12:29 AM What is the QID for October 2022 “Exchange Server Security Updates “ Reply to Hans-Juergen 1 Debra M. Fezza Reed says: October 17, 2022 at 1:27 PM ProxyNotShell which includes two actively exploited zero-day vulnerabilities is being tracked in Qualys as QID 50122 (CVE-2022-41040 and CVE-2022-41082). Reply to Debra 1
tenable: Note: Microsoft has not included patches for the two zero-day vulnerabilities in Microsoft Exchange, CVE-2022-41040 and CVE-2022-41082, that were disclosed on September 28 in this release.
rapid7: Top of mind for many this month is whether Microsoft would patch the two Exchange Server zero-day vulnerabilities (CVE-2022-41040 and CVE-2022-41082) disclosed at the end of September. While Microsoft was relatively quick to acknowledge the vulnerabilities and provide mitigation steps, their guidance has continually changed as the recommended rules to block attack traffic get bypassed. This whack-a-mole approach seems likely to continue until a proper patch addressing the root causes is available; unfortunately, it doesn’t look like that will be happening today. Thankfully, the impact should be more limited than 2021’s ProxyShell and ProxyLogon vulnerabilities due to attackers needing to be authenticated to the server for successful exploitation. Reports are also surfacing about an additional zero-day distinct from these being used in ransomware attacks; however, these have not yet been substantiated.
MS PT Extended: CVE-2022-41040 was published before October 2022 Patch Tuesday from 2022-09-14 to 2022-10-10
qualys: Microsoft Exchange “ProxyNotShell” Zero-Days Not Yet Addressed (QID 50122) Unfortunately, Microsoft has not released security updates to address ProxyNotShell which includes two actively exploited zero-day vulnerabilities tracked as CVE-2022-41040 and CVE-2022-41082. Released: October 2022 Exchange Server Security Updates provides the following update: NOTE The October 2022 SUs do not contain fixes for the zero-day vulnerabilities reported publicly on September 29, 2022 (CVE-2022-41040 and CVE-2022-41082). Please see this blog post to apply mitigations for those vulnerabilities. We will release updates for CVE-2022-41040 and CVE-2022-41082 when they are ready. Ankit Malhotra, Manager, Signature Engineering suggests, “It’s worth noting that Microsoft has had to revise the mitigation for CVE-2022-41040 more than once, as the suggested URL rewrite Mitigation was bypassed multiple times. Organizations that reacted to the ProxyShell vulnerability should also pay close attention to this, taking their lessons learned on rapid remediation, as this vulnerability can potentially see increased exploitation.”
qualys: Qualys Threat Protection High-Rated Advisories Published between September 14 – October 12, 2022, Most Recent First Microsoft Patch Tuesday, October 2022 Edition: 84 Vulnerabilities patched including 12 Microsoft Edge (Chromium-Based), 2 Zero-days, and 13 Rated as CriticalZimbra Collaboration Suite Remote Code Execution Vulnerability (CVE-2022-41352)FortiGate and FortiProxy Authentication Bypass Vulnerability on Administrative Interface (HTTP/HTTPS) (CVE-2022-40684)Microsoft Exchange Server Zero-day Vulnerabilities (CVE-2022-41040 and CVE-2022-41082) (ProxyNotShell)Sophos Firewall Remote Code Execution Vulnerability (CVE-2022-3236)Zoho ManageEngine PAM360, Access Manager Plus, and Password Manager Pro Remote Code Execution Vulnerability (CVE-2022-35405)Trend Micro Patches Multiple Vulnerabilities in Apex One (On-Premise) Including One Zero-day (CVE-2022-40139)Cisco Patched Multiple Vulnerabilities in Multiple Products including NVIDIA Data Plane Development KitApple Patches Multiple Vulnerabilities in macOS Big Sur and macOS Monterey including One Zero-day (CVE-2022-32894)Microsoft Patches Vulnerabilities 79 including 16 Microsoft Edge (Chromium-Based); with 2 Zero-days and 5 Critical in Patch Tuesday, September 2022 Edition
qualys: Try It for Free! Sign up now for a no-cost trial of Qualys Custom Assessment and Remediation Customers can perform the provided mitigation steps by creating a PowerShell script and executing the script on vulnerable assets. IMPORTANT: Scripts tend to change over time. Referring back to a portion of our quote from Ankit Malhotra at the top of this blog, “It’s worth noting that Microsoft has had to revise the mitigation for CVE-2022-41040 more than once, as the suggested URL rewrite Mitigation was bypassed multiple times.” Please refer to the Qualys GitHub Tuesday Patch link to ensure the most current version of a given Patch Tuesday script is in use.
qualys: Hans-Juergen Kreutzer says: October 13, 2022 at 12:29 AM What is the QID for October 2022 “Exchange Server Security Updates “ Reply to Hans-Juergen 1 Debra M. Fezza Reed says: October 17, 2022 at 1:27 PM ProxyNotShell which includes two actively exploited zero-day vulnerabilities is being tracked in Qualys as QID 50122 (CVE-2022-41040 and CVE-2022-41082). Reply to Debra 1
tenable: Note: Microsoft has not included patches for the two zero-day vulnerabilities in Microsoft Exchange, CVE-2022-41040 and CVE-2022-41082, that were disclosed on September 28 in this release.
rapid7: Top of mind for many this month is whether Microsoft would patch the two Exchange Server zero-day vulnerabilities (CVE-2022-41040 and CVE-2022-41082) disclosed at the end of September. While Microsoft was relatively quick to acknowledge the vulnerabilities and provide mitigation steps, their guidance has continually changed as the recommended rules to block attack traffic get bypassed. This whack-a-mole approach seems likely to continue until a proper patch addressing the root causes is available; unfortunately, it doesn’t look like that will be happening today. Thankfully, the impact should be more limited than 2021’s ProxyShell and ProxyLogon vulnerabilities due to attackers needing to be authenticated to the server for successful exploitation. Reports are also surfacing about an additional zero-day distinct from these being used in ransomware attacks; however, these have not yet been substantiated.
qualys: Microsoft Patch Tuesday Summary Microsoft has fixed 84 vulnerabilities (aka flaws) in the October 2022 update, including 13 vulnerabilities classified as Critical as they allow Elevation of Privilege (EoP), Remote Code Execution (RCE), and Spoofing. This month’s Patch Tuesday fixes two (2) zero-day vulnerabilities, with one (1) actively exploited* in attacks (CVE-2022-41033*, CVE-2022-41043). Earlier this month, on October 3 and 6, 2022, Microsoft also released a total of 12 Microsoft Edge (Chromium-Based) updates, one (1) addressing Spoofing (CVE-2022-41035) ranked Moderate. Microsoft has fixed several flaws in its software, including Denial of Service (DoS), Elevation of Privilege (EoP), Information Disclosure, Remote Code Execution (RCE), Security Feature Bypass, Spoofing, Microsoft Edge (Chromium-based), and Microsoft Edge (Chromium-based) / Spoofing.
qualys: CVE-2022-41033 | Windows COM+ Event System Service Elevation of Privilege (EoP) Vulnerability This vulnerability has a CVSSv3.1 score of 7.8/10. Classified as Critical, this issue affects an unknown function of the component COM+ Event System Service. The impact of exploitation is loss of confidentiality, integrity, and availability. Microsoft has not disclosed how the vulnerability is being exploited or if it is being exploited in targeted or more widespread attacks. They only say that the attack complexity is low and that it requires no user interaction for the attacker to be able to achieve SYSTEM privileges. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Patch Installation should be considered Critical. Saeed Abbasi, Manager, Vulnerability Signatures adds, “This patch fixes a security vulnerability that Microsoft stated is under active attack. However, it is not clear how severe these attacks are. Due to the nature of this vulnerability, a privilege escalation that often engages some social engineering (e.g. requiring the user to open a malicious attachment), history shows that it potentially needs to be chained with a code execution bug to exploit.” Exploitability Assessment: Exploitation Detected
tenable: CVE-2022-41033 is an EoP vulnerability in the Windows COM+ Event System Service, which enables system event notifications for COM+ component services. It received a CVSSv3 score of 7.8. An authenticated attacker could exploit this vulnerability to elevate privileges on a vulnerable system and gain SYSTEM privileges.
rapid7: Microsoft did address two other zero-day vulnerabilities with today’s patches. CVE-2022-41033, an Elevation of Privilege vulnerability affecting the COM+ Event System Service in all supported versions of Windows, has been seen exploited in the wild. CVE-2022-41043 is an Information Disclosure vulnerability affecting Office for Mac that was publicly disclosed but not (yet) seen exploited in the wild.
zdi: CVE-2022-41033 – Windows COM+ Event System Service Elevation of Privilege Vulnerability. This patch fixes a bug that Microsoft lists as being used in active attacks, although they specify how broad these attacks may be. Since this is a privilege escalation bug, it is likely paired with other code execution exploits designed to take over a system. These types of attacks often involve some form of social engineering, such as enticing a user to open an attachment or browse to a malicious website. Despite near-constant anti-phishing training, especially during “Cyber Security Awareness Month”, people tend to click everything, so test and deploy this fix quickly.
MS PT Extended: CVE-2022-3195 was published before October 2022 Patch Tuesday from 2022-09-14 to 2022-10-10
MS PT Extended: CVE-2022-3373 was published before October 2022 Patch Tuesday from 2022-09-14 to 2022-10-10
qualys: CVE-2022-41038 | Microsoft SharePoint Server Remote Code Execution (RCE) Vulnerability This vulnerability has a CVSSv3.1 score of 8.8/10. In a network-based attack, an authenticated attacker with Manage List permissions could execute code remotely on the SharePoint Server. The attacker must be authenticated to the target site, with permission to use Manage Lists within SharePoint. NOTE: Customers running SharePoint Server 2013 Service Pack 1 can install the cumulative update or the security update, which is the same update as for Foundation Server 2013. Exploitability Assessment: Exploitation More Likely
tenable: CVE-2022-38053, CVE-2022-41036, CVE-2022-41037 and CVE-2022-41038 are RCE vulnerabilities in Microsoft SharePoint Server that all received a CVSSv3 score of 8.8. All except CVE-2022-41037 were rated “Exploitation More Likely,” and CVE-2022-41038 is the only one that has a critical rating. To exploit these vulnerabilities, a network-based attacker would need to be authenticated to the target SharePoint site with permission to use Manage Lists.
rapid7: Nine CVEs categorized as Remote Code Execution (RCE) with Critical severity were also patched today – seven of them affect the Point-to-Point Tunneling Protocol, and like those fixed last month, require an attacker to win a race condition to exploit them. CVE-2022-38048 affects all supported versions of Office, and CVE-2022-41038 could allow an attacker authenticated to SharePoint to execute arbitrary code on the server, provided the account has “Manage List” permissions.
qualys: CVE-2022-38048 | Microsoft Office Remote Code Execution (RCE) Vulnerability This vulnerability has a CVSSv3.1 score of 7.8/10. The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. When a particular vulnerability allows an attacker to execute “arbitrary code”, it typically means that the bad guy can run any command on the target system the attacker chooses. Source For example, when the score indicates that the Attack Vector is Local and User Interaction is Required, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer. The impact of exploitation is loss of confidentiality, integrity, and availability. NOTE: Customers should apply all updates offered for the software installed on their systems. If multiple updates apply, they can be installed in any order. Exploitability Assessment: Exploitation More Likely
rapid7: Nine CVEs categorized as Remote Code Execution (RCE) with Critical severity were also patched today – seven of them affect the Point-to-Point Tunneling Protocol, and like those fixed last month, require an attacker to win a race condition to exploit them. CVE-2022-38048 affects all supported versions of Office, and CVE-2022-41038 could allow an attacker authenticated to SharePoint to execute arbitrary code on the server, provided the account has “Manage List” permissions.
zdi: CVE-2022-38048 – Microsoft Office Remote Code Execution Vulnerability. This bug was reported to the ZDI by the researcher known as “hades_kito” and represents a rare Critical-rated Office bug. Most Office vulnerabilities are rated Important since they involve user interaction – typically opening a file. An exception to that is when the Preview Pane is an attack vector, however, Microsoft states that isn’t the case here. Likely the rating results from the lack of warning dialogs when opening a specially crafted file. Either way, this is a UAF that could lead to passing an arbitrary pointer to a free call which makes further memory corruption possible.
MS PT Extended: CVE-2022-3316 was published before October 2022 Patch Tuesday from 2022-09-14 to 2022-10-10
MS PT Extended: CVE-2022-3310 was published before October 2022 Patch Tuesday from 2022-09-14 to 2022-10-10
MS PT Extended: CVE-2022-3308 was published before October 2022 Patch Tuesday from 2022-09-14 to 2022-10-10
MS PT Extended: CVE-2022-3317 was published before October 2022 Patch Tuesday from 2022-09-14 to 2022-10-10
qualys: CVE-2022-37976 | Active Directory Certificate Services Elevation of Privilege (EoP) Vulnerability This vulnerability has a CVSSv3.1 score of 8.8/10. A malicious DCOM client could coerce a DCOM server to authenticate to it through the Active Directory Certificate Service (ADCS) and use the credential to launch a cross-protocol attack. An attacker who successfully exploited this vulnerability could gain domain administrator privileges. Exploitability Assessment: Exploitation Less Likely
qualys: CVE-2022-37976 | Active Directory Certificate Services Elevation of Privilege (EoP) Vulnerability This vulnerability has a CVSSv3.1 score of 8.8/10. Exploitability Assessment: Exploitation Less Likely GitHub Link for CVE-2022-37976 Script
qualys: Write-Host "ADCS found running. LegacyAuthenticationLevel is set to 5. Mitigation for CVE-2022-37976 has been applied as per MSRC guidelines. "
qualys: CVE-2022-37976 | Active Directory Certificate Services Elevation of Privilege (EoP) Vulnerability This vulnerability has a CVSSv3.1 score of 8.8/10. Policy Compliance Control IDs (CIDs): 4079 Status of the ‘Active Directory Certificate Service’ 14916 Status of Windows Services 24842 Status of the ‘LegacyAuthenticationLevel’ setting Exploitability Assessment: Exploitation Less Likely
tenable: CVE-2022-37976 is an EoP vulnerability affecting Active Directory Certificate Services. According to the advisory, a malicious Distributed Component Object Model (DCOM) client could be used to entice a DCOM server to authenticate to the client, allowing an attacker to perform a cross-protocol attack and gain domain administrator privileges. While Microsoft rates this as “Exploitation Less Likely,” ransomware groups often seek out vulnerabilities and misconfigurations in Active Directory to leverage for spreading malicious payloads across an organization's network. As highlighted in Tenable’s Ransomware Ecosystem report, Active Directory plays a pivotal role in ransomware attacks.
tenable: CVE-2022-37988, CVE-2022-37990, CVE-2022-37991, CVE-2022-37995, CVE-2022-38022, CVE-2022-38037, CVE-2022-38038 and CVE-2022-38039 are EoP vulnerabilities in the Windows Kernel. With the exception of CVE-2022-38022, all the CVEs received CVSSv3 scores of 7.8 and could allow an attacker to elevate their privileges to SYSTEM. CVE-2022-38022 was scored CVSSv3 of 2.5 and would only allow an attacker to delete empty folders as SYSTEM. The attacker would not be able to view or edit files, nor delete folders that were not empty.
zdi: CVE-2022-37987/CVE-2022-37989 – Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability. These bugs were reported by ZDI Sr. Vulnerability Researcher Simon Zuckerbraun and pertain to the behavior of the CSRSS process when it searches for dependencies. CVS-2022-37989 is a failed patch for CVE-2022-22047, an earlier bug that saw some in-the-wild exploitation. This vulnerability results from CSRSS being too lenient in accepting input from untrusted processes. By contrast, CVE-2022-37987 is a new attack that works by deceiving CSRSS into loading dependency information from an unsecured location. We’ll publish additional details about these bugs on our blog in the future.
tenable: CVE-2022-38028 is an EoP vulnerability in Windows Print Spooler components that received a CVSSv3 score of 7.8 and was rated “Exploitation More Likely” according to Microsoft’s Exploitability Index. Exploitation would allow an attacker to gain SYSTEM privileges. The flaw was disclosed to Microsoft by the National Security Agency. This marks the third EoP vulnerability in Windows Print Spooler credited to the NSA this year, following CVE-2022-29104 and CVE-2022-30138 in May.
qualys: CVE-2022-37968 | Azure Arc-enabled Kubernetes cluster Connect Elevation of Privilege (EoP) Vulnerability This vulnerability has a CVSSv3.1 score of 10/10. Microsoft has identified a vulnerability affecting the cluster connect feature of Azure Arc-enabled Kubernetes clusters. This vulnerability could allow an unauthenticated user to elevate their privileges and potentially gain administrative control over the Kubernetes cluster. Additionally, because Azure Stack Edge allows customers to deploy Kubernetes workloads on their devices via Azure Arc, Azure Stack Edge devices are also vulnerable to this vulnerability. Customers using Azure Stack Edge must update to the 2209 release (software version 2.2.2088.5593). Release notes for the 2209 release of Azure Stack Edge can be found here: Azure Stack Edge 2209 release notes. Exploitability Assessment: Exploitation Less Likely
tenable: CVE-2022-37968 is an EoP vulnerability in Microsoft’s Azure Arc, affecting the cluster connect feature of Azure Arc-enabled Kubernetes clusters. With a CVSSv3 score of 10, the highest possible rating, an unauthenticated attacker could exploit this vulnerability in order to gain administrative privileges for a Kubernetes cluster. While updates have been released, users that do not have auto-upgrade enabled must take action to manually upgrade Azure Arc-enabled Kubernetes clusters. Microsoft’s security advisory provides additional information and steps to upgrade and how to check your current version. In July, Tenable disclosed a vulnerability in Azure Arc wherein passwords were being logged in plaintext. You can read more about the disclosure on the Tenable Techblog.
rapid7: Maxing out the CVSS base score with a 10.0 this month is CVE-2022-37968, an Elevation of Privilege vulnerability in the Azure Arc-enabled Kubernetes cluster Connect component. It’s unclear why Microsoft has assigned such a high score, given that an attacker would need to know the randomly generated external DNS endpoint for an Azure Arc-enabled Kubernetes cluster (arguably making the Attack Complexity “High”). That said, if this condition is met then an unauthenticated user could become a cluster admin and potentially gain control over the Kubernetes cluster. Users of Azure Arc and Azure Stack Edge should check whether auto-updates are turned on, and if not, upgrade manually as soon as possible.
zdi: CVE-2022-37968 – Azure Arc-enabled Kubernetes cluster Connect Elevation of Privilege Vulnerability. This vulnerability could allow an attacker to gain administrative control over Azure Arc-enabled Kubernetes clusters. Azure Stack Edge devices may also be impacted by this bug. To exploit this remotely, the attacker would need to know the randomly generated DNS endpoint for an Azure Arc-enabled Kubernetes cluster. Still, this bug receives the rare CVSS 10 rating – the highest severity rating the system allows. If you’re running these types of containers, make sure you either have auto-upgrade enabled or manually update to the latest version by running the appropriate commands in the Azure CLI.
MS PT Extended: CVE-2022-41035 was published before October 2022 Patch Tuesday from 2022-09-14 to 2022-10-10
qualys: Microsoft Patch Tuesday Summary Microsoft has fixed 84 vulnerabilities (aka flaws) in the October 2022 update, including 13 vulnerabilities classified as Critical as they allow Elevation of Privilege (EoP), Remote Code Execution (RCE), and Spoofing. This month’s Patch Tuesday fixes two (2) zero-day vulnerabilities, with one (1) actively exploited* in attacks (CVE-2022-41033*, CVE-2022-41043). Earlier this month, on October 3 and 6, 2022, Microsoft also released a total of 12 Microsoft Edge (Chromium-Based) updates, one (1) addressing Spoofing (CVE-2022-41035) ranked Moderate. Microsoft has fixed several flaws in its software, including Denial of Service (DoS), Elevation of Privilege (EoP), Information Disclosure, Remote Code Execution (RCE), Security Feature Bypass, Spoofing, Microsoft Edge (Chromium-based), and Microsoft Edge (Chromium-based) / Spoofing.
qualys: Microsoft Edge | Last But Not Least Earlier in October 2022, Microsoft released Microsoft Edge (Chromium-based) vulnerabilities including CVE-2022-41035. The vulnerability assigned to the CVE is in the Chromium Open Source Software (OSS) which is consumed by Microsoft Edge. It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. For more information, please see Security Update Guide Supports CVEs Assigned by Industry Partners.
qualys: CVE-2022-41035 | Microsoft Edge (Chromium-based) Spoofing Vulnerability This vulnerability has a CVSSv3.1 score of 8.3/10. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacker would have no way to force the user to visit the website. Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince the user to open the specially crafted file. Per Microsoft severity guidelines, the amount of user interaction or preconditions required to allow this sort of exploitation downgraded the severity. The CVSS scoring system doesn’t allow for this type of nuance. Severity: Moderate Exploitability Assessment: Exploitation Less Likely
MS PT Extended: CVE-2022-37972 was published before October 2022 Patch Tuesday from 2022-09-14 to 2022-10-10
qualys: CVE-2022-34689 | Windows CryptoAPI Spoofing Vulnerability This vulnerability has a CVSSv3.1 score of 7.5/10. An attacker could manipulate an existing public x.509 certificate to spoof their identify and perform actions such as authentication or code signing as the targeted certificate. The technical details are unknown, and an exploit is not publicly available. The impact is known to affect integrity. Exploitability Assessment: Exploitation More Likely
qualys: CVE-2022-33645 | Windows TCP/IP Driver Denial of Service (DoS) Vulnerability This vulnerability has a CVSSv3.1 score of 7.5/10. Exploitability Assessment: Exploitation Less Likely GitHub Link for CVE-2022-33645 Script
qualys: Write-Host "IPV6 has been disabled as part of workaround implementation. CVE-2022-33645 is now mitigated,"
qualys: CVE-2022-33645 | Windows TCP/IP Driver Denial of Service (DoS) Vulnerability This vulnerability has a CVSSv3.1 score of 7.5/10. Policy Compliance Control IDs (CIDs): 4842 Status of the ‘Internet Protocol version 6 (IPv6) components’ setting Exploitability Assessment: Exploitation Less Likely
qualys: Microsoft Patch Tuesday Summary Microsoft has fixed 84 vulnerabilities (aka flaws) in the October 2022 update, including 13 vulnerabilities classified as Critical as they allow Elevation of Privilege (EoP), Remote Code Execution (RCE), and Spoofing. This month’s Patch Tuesday fixes two (2) zero-day vulnerabilities, with one (1) actively exploited* in attacks (CVE-2022-41033*, CVE-2022-41043). Earlier this month, on October 3 and 6, 2022, Microsoft also released a total of 12 Microsoft Edge (Chromium-Based) updates, one (1) addressing Spoofing (CVE-2022-41035) ranked Moderate. Microsoft has fixed several flaws in its software, including Denial of Service (DoS), Elevation of Privilege (EoP), Information Disclosure, Remote Code Execution (RCE), Security Feature Bypass, Spoofing, Microsoft Edge (Chromium-based), and Microsoft Edge (Chromium-based) / Spoofing.
qualys: CVE-2022-41043| Microsoft Office Information Disclosure Vulnerability This vulnerability has a CVSSv3.1 score of 3.3/10. The type of information that could be disclosed if an attacker successfully exploited this vulnerability is user tokens and other potentially sensitive information. The impact of exploitation is loss of confidentiality. This vulnerability demands that the victim is doing some kind of user interaction. As of the time of publishing, neither technical details nor an exploit is publicly available. Exploitability Assessment: Exploitation Less Likely
tenable: CVE-2022-41043 is an information disclosure vulnerability affecting Microsoft Office for Mac. While exploitation requires local access to the host, this was the only publicly disclosed vulnerability patched this month. It is credited to Cody Thomas with SpecterOps.
rapid7: Microsoft did address two other zero-day vulnerabilities with today’s patches. CVE-2022-41033, an Elevation of Privilege vulnerability affecting the COM+ Event System Service in all supported versions of Windows, has been seen exploited in the wild. CVE-2022-41043 is an Information Disclosure vulnerability affecting Office for Mac that was publicly disclosed but not (yet) seen exploited in the wild.
MS PT Extended: CVE-2022-3307 was published before October 2022 Patch Tuesday from 2022-09-14 to 2022-10-10
MS PT Extended: CVE-2022-3198 was published before October 2022 Patch Tuesday from 2022-09-14 to 2022-10-10
MS PT Extended: CVE-2022-3196 was published before October 2022 Patch Tuesday from 2022-09-14 to 2022-10-10
MS PT Extended: CVE-2022-3311 was published before October 2022 Patch Tuesday from 2022-09-14 to 2022-10-10
MS PT Extended: CVE-2022-3200 was published before October 2022 Patch Tuesday from 2022-09-14 to 2022-10-10
MS PT Extended: CVE-2022-3199 was published before October 2022 Patch Tuesday from 2022-09-14 to 2022-10-10
MS PT Extended: CVE-2022-3370 was published before October 2022 Patch Tuesday from 2022-09-14 to 2022-10-10
MS PT Extended: CVE-2022-3197 was published before October 2022 Patch Tuesday from 2022-09-14 to 2022-10-10
MS PT Extended: CVE-2022-3304 was published before October 2022 Patch Tuesday from 2022-09-14 to 2022-10-10
MS PT Extended: CVE-2022-3313 was published before October 2022 Patch Tuesday from 2022-09-14 to 2022-10-10
MS PT Extended: CVE-2022-3315 was published before October 2022 Patch Tuesday from 2022-09-14 to 2022-10-10