Details:
- The products for which security updates have been published are:
- Active Directory Domain Services
- Azure
- Azure Arc
- Client Server Run-time Subsystem (CSRSS)
- Microsoft Edge (Chromium-based)
- Microsoft Graphics Component
- Microsoft Office
- Microsoft Office SharePoint
- Microsoft Office Word
- Microsoft WDAC OLE DB provider for SQL
- NuGet Client
- Remote Access Service Point-to-Point Tunneling Protocol
- Role: Windows Hyper-V
- Service Fabric
- Visual Studio Code
- Windows Active Directory Certificate Services
- Windows ALPC
- Windows CD-ROM Driver
- Windows COM+ Event System Service
- Windows Connected User Experiences and Telemetry
- Windows CryptoAPI
- Windows Defender
- Windows DHCP Client
- Windows Distributed File System (DFS)
- Windows DWM Core Library
- Windows Event Logging Service
- Windows Group Policy
- Windows Group Policy Preference Client
- Windows Internet Key Exchange (IKE) Protocol
- Windows Kernel
- Windows Local Security Authority (LSA)
- Windows Local Security Authority Subsystem Service (LSASS)
- Windows Local Session Manager (LSM)
- Windows NTFS
- Windows NTLM
- Windows ODBC Driver
- Windows Perception Simulation Service
- Windows Point-to-Point Tunneling Protocol
- Windows Portable Device Enumerator Service
- Windows Print Spooler Components
- Windows Resilient File System (ReFS)
- Windows Secure Channel
- Windows Security Support Provider Interface
- Windows Server Remotely Accessible Registry Keys
- Windows Server Service
- Windows Storage
- Windows TCP/IP
- Windows USB Serial Driver
- Windows Web Account Manager
- Windows Win32K
- Windows WLAN Service
- Windows Workstation Service
- Note that for some of the updates listed at https://msrc.microsoft.com/update-guide/releaseNote/2022-Oct the release notes refer to further details, and some updates require additional actions beyond installing the update itself. The same page also lists known issues in these security updates.
- Details of all the updates for this month can be found at https://isc.sans.edu/diary/October+2022+Microsoft+Patch+Tuesday/29138/.
- If you do not install the cumulative security update but instead choose individual updates to implement, it is recommended to prioritize testing and installing the updates that the above link marks as Critical, that are marked "More Likely" in the Exploitability column, that allow Remote Code Execution, or that are actually being exploited by attackers (zero day).
- It is recommended to prioritize examining and installing updates for the following vulnerabilities:
- A vulnerability in the Windows COM+ Event System Service is actively being exploited in the wild.
- Information about vulnerabilities in Office software has been publicly disclosed.
- A vulnerability in CryptoAPI was reported by the NSA and the British NCSC. It could allow an attacker to spoof an existing digital certificate and use it for identification or code signing.
- A vulnerability in Azure Arc-enabled Kubernetes cluster Connect received the maximum CVSS score of 10.0.
- Two vulnerabilities in Word could allow remote code execution.
- Four vulnerabilities in SharePoint servers could allow remote code execution.
- Seven vulnerabilities in the PPTP protocol could allow remote code execution.
- Exchange users are advised to read Microsoft's publication at https://techcommunity.microsoft.com/t5/exchange-team-blog/released-october-2022-exchange-server-security-updates/ba-p/3646263 and act on its recommendations.
- Security updates have not yet been published for two zero-day vulnerabilities in Exchange servers that are actively exploited in the wild; the current guidance for mitigating them is published at https://msrc-blog.microsoft.com/2022/09/29/customer-guidance-for-reported-zero-day-vulnerabilities-in-microsoft-exchange-server/. It is recommended to review this information even if you have already applied the workaround, because it has been updated several times since its initial publication.
- 20 vulnerabilities in the following components/software may allow remote code execution:
- CVE-2022-33635 Windows GDI+ Remote Code Execution Vulnerability
- CVE-2022-38048 Microsoft Office Remote Code Execution Vulnerability
- CVE-2022-41038 Microsoft SharePoint Server Remote Code Execution Vulnerability
- CVE-2022-41037 Microsoft SharePoint Server Remote Code Execution Vulnerability
- CVE-2022-41036 Microsoft SharePoint Server Remote Code Execution Vulnerability
- CVE-2022-38053 Microsoft SharePoint Server Remote Code Execution Vulnerability
- CVE-2022-41031 Microsoft Word Remote Code Execution Vulnerability
- CVE-2022-38049 Microsoft Office Graphics Remote Code Execution Vulnerability
- CVE-2022-38031 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
- CVE-2022-37982 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
- CVE-2022-41034 Visual Studio Code Remote Code Execution Vulnerability
- CVE-2022-38044 Windows CD-ROM File System Driver Remote Code Execution Vulnerability
- CVE-2022-38040 Microsoft ODBC Driver Remote Code Execution Vulnerability
- CVE-2022-41081 Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
- CVE-2022-38047 Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
- CVE-2022-38000 Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
- CVE-2022-33634 Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
- CVE-2022-30198 Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
- CVE-2022-24504 Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
- CVE-2022-22035 Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
- 42 vulnerabilities in the following components/software may allow elevation of privilege:
- CVE-2022-38042 Active Directory Domain Services Elevation of Privilege Vulnerability
- CVE-2022-38017 StorSimple 8000 Series Elevation of Privilege Vulnerability
- CVE-2022-37968 Azure Arc-enabled Kubernetes cluster Connect Elevation of Privilege Vulnerability
- CVE-2022-37989 Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability
- CVE-2022-37987 Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability
- CVE-2022-24516 Microsoft Exchange Server Elevation of Privilege Vulnerability
- CVE-2022-24477 Microsoft Exchange Server Elevation of Privilege Vulnerability
- CVE-2022-21980 Microsoft Exchange Server Elevation of Privilege Vulnerability
- CVE-2022-38051 Windows Graphics Component Elevation of Privilege Vulnerability
- CVE-2022-37997 Windows Graphics Component Elevation of Privilege Vulnerability
- CVE-2022-37986 Windows Win32k Elevation of Privilege Vulnerability
- CVE-2022-41032 NuGet Client Elevation of Privilege Vulnerability
- CVE-2022-37979 Windows Hyper-V Elevation of Privilege Vulnerability
- CVE-2022-41083 Visual Studio Code Elevation of Privilege Vulnerability
- CVE-2022-37976 Active Directory Certificate Services Elevation of Privilege Vulnerability
- CVE-2022-38029 Windows ALPC Elevation of Privilege Vulnerability
- CVE-2022-41033 Windows COM+ Event System Service Elevation of Privilege Vulnerability
- CVE-2022-38021 Connected User Experiences and Telemetry Elevation of Privilege Vulnerability
- CVE-2022-37971 Microsoft Windows Defender Elevation of Privilege Vulnerability
- CVE-2022-37980 Windows DHCP Client Elevation of Privilege Vulnerability
- CVE-2022-37983 Microsoft DWM Core Library Elevation of Privilege Vulnerability
- CVE-2022-37970 Windows DWM Core Library Elevation of Privilege Vulnerability
- CVE-2022-37975 Windows Group Policy Elevation of Privilege Vulnerability
- CVE-2022-37999 Windows Group Policy Preference Client Elevation of Privilege Vulnerability
- CVE-2022-37994 Windows Group Policy Preference Client Elevation of Privilege Vulnerability
- CVE-2022-37993 Windows Group Policy Preference Client Elevation of Privilege Vulnerability
- CVE-2022-38039 Windows Kernel Elevation of Privilege Vulnerability
- CVE-2022-38038 Windows Kernel Elevation of Privilege Vulnerability
- CVE-2022-38037 Windows Kernel Elevation of Privilege Vulnerability
- CVE-2022-38022 Windows Kernel Elevation of Privilege Vulnerability
- CVE-2022-37995 Windows Kernel Elevation of Privilege Vulnerability
- CVE-2022-37991 Windows Kernel Elevation of Privilege Vulnerability
- CVE-2022-37990 Windows Kernel Elevation of Privilege Vulnerability
- CVE-2022-37988 Windows Kernel Elevation of Privilege Vulnerability
- CVE-2022-38016 Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability
- CVE-2022-38028 Windows Print Spooler Elevation of Privilege Vulnerability
- CVE-2022-38003 Windows Resilient File System Elevation of Privilege
- CVE-2022-38045 Server Service Remote Protocol Elevation of Privilege Vulnerability
- CVE-2022-38027 Windows Storage Elevation of Privilege Vulnerability
- CVE-2022-38050 Win32k Elevation of Privilege Vulnerability
- CVE-2022-37984 Windows WLAN Service Elevation of Privilege Vulnerability
- CVE-2022-38034 Windows Workstation Service Elevation of Privilege Vulnerability
- 8 vulnerabilities in the following components/software may enable a denial-of-service attack:
- CVE-2022-37965 Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerability
- CVE-2022-37981 Windows Event Logging Service Denial of Service Vulnerability
- CVE-2022-38036 Internet Key Exchange (IKE) Protocol Denial of Service Vulnerability
- CVE-2022-37977 Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability
- CVE-2022-37998 Windows Local Session Manager (LSM) Denial of Service Vulnerability
- CVE-2022-37973 Windows Local Session Manager (LSM) Denial of Service Vulnerability
- CVE-2022-38041 Windows Secure Channel Denial of Service Vulnerability
- CVE-2022-33645 Windows TCP/IP Driver Denial of Service Vulnerability
- 2 vulnerabilities in the following components/software may allow security features to be bypassed:
- CVE-2022-37978 Windows Active Directory Certificate Services Security Feature Bypass
- CVE-2022-38032 Windows Portable Device Enumerator Service Security Feature Bypass Vulnerability
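The prioritization rule stated above (actively exploited first, then Critical, then "More Likely" exploitability, then anything allowing remote code execution) can be applied mechanically to the list in this advisory. The following script is an added example, not part of the advisory or of any Microsoft tooling: it parses title lines in the exact format used above and ranks them. The CVE ids and titles in the sample are quoted from the advisory; the severity, exploitability and exploited flags are constructed sample values, since in practice they come from the MSRC release notes rather than from this page.

```python
import re
from dataclasses import dataclass

# Matches lines of the form "CVE-2022-NNNNN <component> <impact> [Vulnerability]"
TITLE_RE = re.compile(
    r"^(CVE-\d{4}-\d{4,})\s+(.*?)\s*"
    r"(Remote Code Execution|Elevation of Privilege|Denial of Service|Security Feature Bypass)"
    r"(?:\s+Vulnerability)?$"
)


@dataclass
class Entry:
    cve: str
    component: str
    impact: str
    severity: str = "Important"          # constructed; taken from MSRC release notes in practice
    exploitability: str = "Less Likely"  # constructed; MSRC "Exploitability" column
    exploited: bool = False              # constructed; true for zero days exploited in the wild


def parse_title(line: str, **flags) -> Entry:
    """Split one advisory line into CVE id, component and impact class."""
    m = TITLE_RE.match(line.strip().lstrip("- "))
    if not m:
        raise ValueError(f"unrecognised title line: {line!r}")
    return Entry(m.group(1), m.group(2), m.group(3), **flags)


def priority(e: Entry) -> int:
    """Lower is more urgent; the four tiers mirror the advisory's prioritization rule."""
    if e.exploited:
        return 0
    if e.severity == "Critical":
        return 1
    if e.exploitability == "More Likely":
        return 2
    if e.impact == "Remote Code Execution":
        return 3
    return 4


def triage(entries):
    """Return entries ordered by priority tier, then by CVE id for a stable listing."""
    return sorted(entries, key=lambda e: (priority(e), e.cve))


# Constructed sample: titles quoted from the advisory, flags illustrative only.
# The COM+ entry is the only COM+ CVE listed, which the advisory says is exploited.
SAMPLE = [
    parse_title("CVE-2022-38039 Windows Kernel Elevation of Privilege Vulnerability"),
    parse_title("CVE-2022-41033 Windows COM+ Event System Service Elevation of Privilege Vulnerability", exploited=True),
    parse_title("CVE-2022-38048 Microsoft Office Remote Code Execution Vulnerability"),
    parse_title("CVE-2022-38003 Windows Resilient File System Elevation of Privilege", exploitability="More Likely"),
    parse_title("CVE-2022-41081 Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability", severity="Critical"),
]

if __name__ == "__main__":
    for e in triage(SAMPLE):
        print(priority(e), e.cve, e.component, e.impact)
```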
Ways of handling:
- Home users with supported systems: it is recommended to update your systems as soon as possible through the operating system's automatic update interface ("Check for updates" in the settings interface).
- Corporate users: it is recommended to test the updates for compatibility with your systems in a test environment, and then install them as soon as possible.
- Attached is an Excel file detailing the vulnerabilities, divided by product family. Source: Microsoft's update site.
Sharing information with the national CERT does not replace the obligation to report to any governing body, insofar as such an obligation applies to the organization.
The information is provided as is; its use is the responsibility of the user, and it is recommended to engage a suitably trained professional for its implementation.