CVE-2022-41080 - Microsoft Exchange Server Elevation of Privilege Vulnerability

This is a Privilege Escalation vulnerability with a CVSS Base Score of 8.8 affecting Microsoft Exchange Server 2013 Cumulative Update 23, Microsoft Exchange Server 2016 Cumulative Update 22, Microsoft Exchange Server 2016 Cumulative Update 23, Microsoft Exchange Server 2019 Cumulative Update 11, Microsoft Exchange Server 2019 Cumulative Update 12.

Technical details to exploit this vulnerability are unknown, but the attack complexity is low and successful exploitation is more likely.

CVE-2022-41128 - Windows Scripting Languages Remote Code Execution Vulnerability

This is an actively exploited 0-day vulnerability affecting the JScript9 scripting language which has a CVSS Base Score of 8.8.

The attack can be initiated remotely: an attacker has to convince a victim to visit a server share or website they host, typically by way of an enticement in an email or chat message.

CVE-2022-41039, CVE-2022-41044 and CVE-2022-41088 - Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerabilities

These three critical Remote Code Execution (RCE) vulnerabilities have a CVSS Base Score of 8.1 and affect the Windows Point-to-Point Tunneling Protocol (PPTP).

An unauthenticated attacker can send a crafted request to a RAS (Remote Access Server), that can lead to remote code execution. These three vulnerabilities are less likely to be exploited, as the attacker must win a complex race condition.

CVE-2022-37967 - Windows Kerberos Elevation of Privilege Vulnerability

This Privilege Escalation vulnerability has a CVSS Base Score of 8.1 and the attack complexity is low.

An attacker can leverage cryptographic protocol vulnerabilities in the Windows Kerberos AES-SHA1 cipher suite to gain control over the service that is allowed for delegation and modify Kerberos PAC (Privileged Attribute Certificate) to elevate their privileges.

CVE-2022-41073 - Windows Print Spooler Elevation of Privilege Vulnerability

The Privilege Escalation vulnerability affects the Windows Print Spooler service and has a CVSS Base Score of 7.8.

This 0-day flaw is being exploited in the wild and allows a low privileged user to gain SYSTEM level privileges.

CVE-2022-41125 - Windows CNG Key Isolation Service Elevation of Privilege Vulnerability

This is yet another actively exploited 0-day Privilege Escalation vulnerability with a CVSS Base Score of 7.8 which is known to be exploited in the wild.

The vulnerability affects the Windows Cryptography Next Generation (CNG) Key Isolation Service used for Windows cryptographic support and operations. Successful exploitation allows an attacker to gain SYSTEM privileges.

CVE-2022-41091 - Windows Mark of the Web Security Feature Bypass Vulnerability

The vulnerability is a 0-day that is being actively exploited in the wild.

By crafting a malicious file, an attacker can evade Mark of the Web (MOTW) defenses, resulting in a limited loss of integrity and availability of security features, such as Protected View in Microsoft Office, which rely on MOTW tagging.

CVE-2022-41040 and CVE-2022-41082 - Microsoft Exchange Server Elevation of Privilege and Microsoft Exchange Server Remote Code Execution Vulnerability

It is worth noting that these two 0-day and actively exploited vulnerabilities, discovered at the end of September 2022, are now patched with this month’s security updates.