As part of its November 2022 Patch Tuesday, Microsoft released fixes for six zero-day vulnerabilities, including two in Exchange Server that are known collectively as ProxyNotShell. In all, Microsoft released fixes for nearly 70 security issues.
- Lots of interesting patches this time. One not to overlook is the patch for the Sysmon issue. It could be devastating to a network that has Sysmon deployed throughout the network. You essentially instrumented the network with a tool to assist attackers. Patch quickly and monitor what Sysmon is doing (with Sysmon?).
- Don’t you wish we just had to watch the election returns this Tuesday? Fixing six zero-days is awesome, particularly as these are being actively exploited in the wild. And the most severe four (CVE-2022-41091, CVE-2022-41073, CVE-2022-41125 and CVE-2022-41128) are in the CISA KEV catalog with remediation dates of 11/29. CVE-2022-41128 is a fix to Microsoft scripting languages, which can be leveraged to infect users who browse to a malicious site; CVE-2022-41073 is another Windows Print Spooler fix; CVE-2022-41125 addresses a privilege escalation flaw in the Windows Cryptographic API; CVE-2022-41091 addresses a security bypass to “Windows Mark of the Web” – that flag that marks the files as being from an untrusted source. The last two are Exchange flaws (CVE-2022-41040 and CVE-2022-41082) addressing remote code execution when PowerShell is accessible to the attacker. Check out the SANS ISC link below for a rundown on the rest of the story.
- Given the large number of critical vulnerabilities (11), several of which have been actively exploited, priority has to be given to this patch update.
Read more in:
- Microsoft November 2022 Patch Tuesday
- Patch Tuesday, November 2022 Election Edition
- Microsoft squashes six security bugs already exploited in the wild
- Microsoft Patch Tuesday fixes six zero-day vulnerabilities
- Microsoft Patch Tuesday fixes 11 critical security vulnerabilities and six zero-days being actively exploited
- Patches for 6 0-days under active exploit are now available from Microsoft
- Microsoft Quashes Bevy of Actively Exploited Zero-Days for November Patch Tuesday
- Released: November 2022 Exchange Server Security Updates
- Microsoft fixes ProxyNotShell Exchange zero-days exploited in attacks
- Microsoft Patches ProxyNotShell Exchange Vulnerabilities