Microsoft’s monthly security update – October 2022

by time news

Details:

  1. The products for which security updates have been published are:
    • Active Directory Domain Services
    • Azure
    • Azure Arc
    • Client Server Run-time Subsystem (CSRSS)
    • Microsoft Edge (Chromium-based)
    • Microsoft Graphics Component
    • Microsoft Office
    • Microsoft Office SharePoint
    • Microsoft Office Word
    • Microsoft WDAC OLE DB provider for SQL
    • NuGet Client
    • Remote Access Service Point-to-Point Tunneling Protocol
    • Role: Windows Hyper-V
    • Service Fabric
    • Visual Studio Code
    • Windows Active Directory Certificate Services
    • Windows ALPC
    • Windows CD-ROM Driver
    • Windows COM+ Event System Service
    • Windows Connected User Experiences and Telemetry
    • Windows CryptoAPI
    • Windows Defender
    • Windows DHCP Client
    • Windows Distributed File System (DFS)
    • Windows DWM Core Library
    • Windows Event Logging Service
    • Windows Group Policy
    • Windows Group Policy Preference Client
    • Windows Internet Key Exchange (IKE) Protocol
    • Windows Kernel
    • Windows Local Security Authority (LSA)
    • Windows Local Security Authority Subsystem Service (LSASS)
    • Windows Local Session Manager (LSM)
    • Windows NTFS
    • Windows NTLM
    • Windows ODBC Driver
    • Windows Perception Simulation Service
    • Windows Point-to-Point Tunneling Protocol
    • Windows Portable Device Enumerator Service
    • Windows Print Spooler Components
    • Windows Resilient File System (ReFS)
    • Windows Secure Channel
    • Windows Security Support Provider Interface
    • Windows Server Remotely Accessible Registry Keys
    • Windows Server Service
    • Windows Storage
    • Windows TCP/IP
    • Windows USB Serial Driver
    • Windows Web Account Manager
    • Windows Win32K
    • Windows WLAN Service
    • Windows Workstation Service
  2. Note that for some of the updates listed at https://msrc.microsoft.com/update-guide/releaseNote/2022-Oct there is a reference to further details, and some of them may require additional actions beyond installing the update itself. The link also contains information about known issues in these security updates.
  3. Details of all the updates for this month can be found at the link https://isc.sans.edu/diary/October+2022+Microsoft+Patch+Tuesday/29138/.
  4. If you do not install a cumulative security update but choose individually which updates to apply, it is recommended to prioritize testing and installing the updates that are marked as critical in the above link, marked as “More Likely” under the Exploitability column, allow remote code execution, or are actually being used by attackers (zero day).
  5. It is recommended to prioritize examining and installing updates for the following vulnerabilities:
    • A vulnerability in the Windows COM+ Event System Service is being actively exploited in the wild.
    • Public information about vulnerabilities in Office software has been released.
    • A vulnerability in CryptoAPI was reported by the NSA and the British NCSC. The vulnerability could allow an attacker to impersonate and use an existing digital certificate for identification or code signing.
    • A vulnerability in Azure Arc-enabled Kubernetes cluster Connect received the maximum CVSS score of 10.0.
    • 2 Vulnerabilities in Word could allow remote code execution.
    • 4 Vulnerabilities in SharePoint servers could allow remote code execution.
    • 7 Vulnerabilities in the PPTP protocol could allow remote code execution.
    • For Exchange users, it is recommended to read the company’s publication at https://techcommunity.microsoft.com/t5/exchange-team-blog/released-october-2022-exchange-server-security-updates/ba-p/3646263 and act in accordance with its recommendations.
    • Security updates have not yet been published for two zero-day vulnerabilities in Exchange servers that are being actively exploited in the wild; the latest method for dealing with them is published at https://msrc-blog.microsoft.com/2022/09/29/customer-guidance-for-reported-zero-day-vulnerabilities-in-microsoft-exchange-server/. It is recommended to review this information even if you have already implemented the workaround, because several updates were made to it after the initial publication.
    • 20 Vulnerabilities in the following components/software may allow remote code execution:
      • CVE-2022-33635    Windows GDI+ Remote Code Execution Vulnerability
      • CVE-2022-38048    Microsoft Office Remote Code Execution Vulnerability
      • CVE-2022-41038    Microsoft SharePoint Server Remote Code Execution Vulnerability
      • CVE-2022-41037    Microsoft SharePoint Server Remote Code Execution Vulnerability
      • CVE-2022-41036    Microsoft SharePoint Server Remote Code Execution Vulnerability
      • CVE-2022-38053    Microsoft SharePoint Server Remote Code Execution Vulnerability
      • CVE-2022-41031    Microsoft Word Remote Code Execution Vulnerability
      • CVE-2022-38049    Microsoft Office Graphics Remote Code Execution Vulnerability
      • CVE-2022-38031    Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
      • CVE-2022-37982    Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
      • CVE-2022-41034    Visual Studio Code Remote Code Execution Vulnerability
      • CVE-2022-38044    Windows CD-ROM File System Driver Remote Code Execution Vulnerability
      • CVE-2022-38040    Microsoft ODBC Driver Remote Code Execution Vulnerability
      • CVE-2022-41081    Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
      • CVE-2022-38047    Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
      • CVE-2022-38000    Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
      • CVE-2022-33634    Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
      • CVE-2022-30198    Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
      • CVE-2022-24504    Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
      • CVE-2022-22035    Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
    • 42 Vulnerabilities in the following components/software may allow elevation of privileges:
      • CVE-2022-38042    Active Directory Domain Services Elevation of Privilege Vulnerability
      • CVE-2022-38017    StorSimple 8000 Series Elevation of Privilege Vulnerability
      • CVE-2022-37968    Azure Arc-enabled Kubernetes cluster Connect Elevation of Privilege Vulnerability
      • CVE-2022-37989    Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability
      • CVE-2022-37987    Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability
      • CVE-2022-24516    Microsoft Exchange Server Elevation of Privilege Vulnerability
      • CVE-2022-24477    Microsoft Exchange Server Elevation of Privilege Vulnerability
      • CVE-2022-21980    Microsoft Exchange Server Elevation of Privilege Vulnerability
      • CVE-2022-38051    Windows Graphics Component Elevation of Privilege Vulnerability
      • CVE-2022-37997    Windows Graphics Component Elevation of Privilege Vulnerability
      • CVE-2022-37986    Windows Win32k Elevation of Privilege Vulnerability
      • CVE-2022-41032    NuGet Client Elevation of Privilege Vulnerability
      • CVE-2022-37979    Windows Hyper-V Elevation of Privilege Vulnerability
      • CVE-2022-41083    Visual Studio Code Elevation of Privilege Vulnerability
      • CVE-2022-37976    Active Directory Certificate Services Elevation of Privilege Vulnerability
      • CVE-2022-38029    Windows ALPC Elevation of Privilege Vulnerability
      • CVE-2022-41033    Windows COM+ Event System Service Elevation of Privilege Vulnerability
      • CVE-2022-38021    Connected User Experiences and Telemetry Elevation of Privilege Vulnerability
      • CVE-2022-37971    Microsoft Windows Defender Elevation of Privilege Vulnerability
      • CVE-2022-37980    Windows DHCP Client Elevation of Privilege Vulnerability
      • CVE-2022-37983    Microsoft DWM Core Library Elevation of Privilege Vulnerability
      • CVE-2022-37970    Windows DWM Core Library Elevation of Privilege Vulnerability
      • CVE-2022-37975    Windows Group Policy Elevation of Privilege Vulnerability
      • CVE-2022-37999    Windows Group Policy Preference Client Elevation of Privilege Vulnerability
      • CVE-2022-37994    Windows Group Policy Preference Client Elevation of Privilege Vulnerability
      • CVE-2022-37993    Windows Group Policy Preference Client Elevation of Privilege Vulnerability
      • CVE-2022-38039    Windows Kernel Elevation of Privilege Vulnerability
      • CVE-2022-38038    Windows Kernel Elevation of Privilege Vulnerability
      • CVE-2022-38037    Windows Kernel Elevation of Privilege Vulnerability
      • CVE-2022-38022    Windows Kernel Elevation of Privilege Vulnerability
      • CVE-2022-37995    Windows Kernel Elevation of Privilege Vulnerability
      • CVE-2022-37991    Windows Kernel Elevation of Privilege Vulnerability
      • CVE-2022-37990    Windows Kernel Elevation of Privilege Vulnerability
      • CVE-2022-37988    Windows Kernel Elevation of Privilege Vulnerability
      • CVE-2022-38016    Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability
      • CVE-2022-38028    Windows Print Spooler Elevation of Privilege Vulnerability
      • CVE-2022-38003    Windows Resilient File System Elevation of Privilege
      • CVE-2022-38045    Server Service Remote Protocol Elevation of Privilege Vulnerability
      • CVE-2022-38027    Windows Storage Elevation of Privilege Vulnerability
      • CVE-2022-38050    Win32k Elevation of Privilege Vulnerability
      • CVE-2022-37984    Windows WLAN Service Elevation of Privilege Vulnerability
      • CVE-2022-38034    Windows Workstation Service Elevation of Privilege Vulnerability
    • 8 Vulnerabilities in the following components/software may enable a denial of service attack:
      • CVE-2022-37965    Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerability
      • CVE-2022-37981    Windows Event Logging Service Denial of Service Vulnerability
      • CVE-2022-38036    Internet Key Exchange (IKE) Protocol Denial of Service Vulnerability
      • CVE-2022-37977    Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability
      • CVE-2022-37998    Windows Local Session Manager (LSM) Denial of Service Vulnerability
      • CVE-2022-37973    Windows Local Session Manager (LSM) Denial of Service Vulnerability
      • CVE-2022-38041    Windows Secure Channel Denial of Service Vulnerability
      • CVE-2022-33645    Windows TCP/IP Driver Denial of Service Vulnerability
    • 2 Vulnerabilities in the following components/software may allow security measures to be bypassed:
      • CVE-2022-37978    Windows Active Directory Certificate Services Security Feature Bypass
      • CVE-2022-38032    Windows Portable Device Enumerator Service Security Feature Bypass Vulnerability
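
The prioritization rule in item 4 above can be applied mechanically to an exported update list. The following is an added example, not part of the original advisory: the column names and the sample rows (with placeholder CVE ids) are constructed assumptions, not a documented export format.

```python
import csv
import io

# Constructed sample rows with placeholder CVE ids (not real data).
# Column names are assumptions made for this example.
SAMPLE_CSV = """cve,title,severity,exploitability,impact,exploited
CVE-0000-0001,Example service EoP,Important,Exploitation Detected,Elevation of Privilege,Yes
CVE-0000-0002,Example server RCE,Critical,Exploitation Less Likely,Remote Code Execution,No
CVE-0000-0003,Example driver DoS,Important,Exploitation Unlikely,Denial of Service,No
CVE-0000-0004,Example client RCE,Important,Exploitation More Likely,Remote Code Execution,No
CVE-0000-0005,Example kernel EoP,Important,Exploitation More Likely,Elevation of Privilege,No
"""


def reasons(row):
    """Return which of the four criteria from item 4 a row meets."""
    hits = []
    if row["exploited"].strip().lower() == "yes":
        hits.append("zero-day")
    if row["severity"].strip().lower() == "critical":
        hits.append("critical")
    if "more likely" in row["exploitability"].lower():
        hits.append("more-likely")
    if row["impact"].strip().lower() == "remote code execution":
        hits.append("rce")
    return hits


def triage(csv_text):
    """Split rows into (test-and-install-first, can-wait-for-normal-cycle)."""
    first, later = [], []
    for row in csv.DictReader(io.StringIO(csv_text)):
        hits = reasons(row)
        if hits:
            first.append((row["cve"], hits))
        else:
            later.append(row["cve"])
    # Exploited entries lead, then entries meeting the most criteria,
    # then CVE id so the order is stable between runs.
    first.sort(key=lambda e: ("zero-day" not in e[1], -len(e[1]), e[0]))
    return first, later


if __name__ == "__main__":
    first, later = triage(SAMPLE_CSV)
    for cve, hits in first:
        print(f"{cve}: prioritize ({', '.join(hits)})")
    print("normal cycle:", ", ".join(later))
```

Recording the matched criteria next to each entry gives the change-management record a reason for every expedited update.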

Ways of handling:

  1. Private users with supported systems – it is recommended to use the automatic update interface of the operating system as soon as possible in order to update your systems (“Check for updates”, in the management interface).
  2. Corporate users – it is recommended to test the suitability of the updates for your systems in a test environment, and install them as soon as possible.
  3. Attached is an Excel file detailing the vulnerabilities divided into product families. Source – Microsoft’s update site.

Sharing information with the national CERT does not replace the obligation to report to any governing body, insofar as such an obligation applies to the body.
The information is provided as is. Its use is the responsibility of the user, and it is recommended to use a professional with appropriate training for its implementation.
