WARNING: MICROSOFT PATCH TUESDAY October 2022 PATCHES 84 VULNERABILITIES (13 CRITICAL, 71 IMPORTANT)
Microsoft patched 84 CVEs in its October 2022 Patch Tuesday release, 13 rated as critical and 71 rated as important.
Number of CVE's per type
- Remote Code Execution: 20
- Elevation of Privileges: 39
- Denial of Service: 8
- Spoofing: 4
- Information Disclosure: 11
- Security Feature Bypass: 2
Bronnen
https://msrc.microsoft.com/update-guide/releaseNote/2022-Oct
Risico’s
This month’s Patch Tuesday includes 13 critical and 71 important vulnerabilities for a wide range of Microsoft products, affecting Microsoft Software, Server, and Workstations.
Microsoft fixed 2 zero-day vulnerabilities:
Actively exploited: CVE-2022-41033 - Windows COM+ Event System Service Elevation of Privilege
Publicly disclosed: CVE-2022-41043 - Microsoft Office Information Disclosure Vulnerability
Microsoft did not patch the 2 ProxyNotShell vulnerabilities (CVE-2022-41040, CVE-2022-41080) who are actively exploitd in the wild.
The Windows' point-to-point protocol has 7 critical remote code execution vulnerabilities (CVE-2022-22035, CVE-2022-24504, CVE-2022-30198, CVE-2022-33634, CVE-2022-38000, CVE-2022-38047, CVE-2022-41081).
Organizations should prioritize exposed PPTP VPN servers or apply addition security controls to limit public access.
Microsoft Office and Microsoft Word have 3 critical remote code execution vulnerabilities(CVE-2022-38048, CVE-2022-38049, CVE-2022-41031.
Products from the Microsoft Office suite are popular targets for threat actors.Office documents are often weaponized and used as a lure in a spear phishing campaign. Awareness training can help organisations to lower the risk of this threat.
The Centre for Cyber security Belgium recommends system administrators patch vulnerable systems as soon as possible and analyse system and network logs for any suspicious activity.
In case of an intrusion, you can report an incident via: https://cert.be/en/report-incident
CVE-2022-41033 - Windows COM+ Event System Service elevation of privilege vulnerability
CVE-2022-41033 is a privilege escalation vulnerability in the Windows COM+ Event System Service.
The Windows COM+ Event System Service enables system event notifications for COM+ component services.
The vulnerability received a CVSSv3 score of 7.8 and is easy to exploit. An authenticated attacker could exploit this vulnerability to gain system-level privileges.
Remark: this 0-day vulnerability is exploited in the wild.
CVE-2022-37968 - Azure Arc-enabled Kubernetes cluster connect elevation of privilege vulnerability
CVE-2022-37968 is a privilege escalation vulnerability in Microsoft’s Azure Arc, affecting the cluster connect feature of Azure Arc-enabled Kubernetes clusters.
The vulnerability received the highest possible rating CVSS score 10. An unauthenticated attacker could exploit this vulnerability to gain administrative privileges on a Kubernetes cluster.
Remark: Organisations that do not have the auto-upgrade possibility enabled must act to manually upgrade Azure Arc-enabled Kubernetes clusters.
CVE-2022-37976 - Active Directory Certificate Services elevation of privilege vulnerability
CVE-2022-37976 is a privilege escalation vulnerability in the Active Directory Certificate Services.
an attacker could perform a cross-protocol attack to gain domain administrator privileges.
The active directory is an attractive target for threat actors to spread malicious payloads across the entire organization's network.
Aanbevolen acties
The CCB recommends installing updates for vulnerable devices with the highest priority, after thorough testing.
Referenties
https://www.theregister.com/2022/10/11/october_patch_tuesday/
https://www.bleepingcomputer.com/news/microsoft/microsoft-october-2022-patch-tuesday-fixes-zero-day-used-in-attacks-84-flaws/