Microsoft's November 2022 Patch Tuesday update fixed six zero-day vulnerabilities: flaws that were already being exploited in the wild, or publicly known, before a fix existed, and that threat actors could use for espionage or financial gain.
In the same release Microsoft flagged 22 vulnerabilities in Windows products as "exploitation more likely". Among these, four were recorded as zero-days that the company had not yet fixed. In total, Microsoft published 67 new CVEs for November 2022 across Windows and its other products.
Microsoft's November Patch Tuesday update
Six of the vulnerabilities fixed in November's Patch Tuesday were zero-days, and one of them had been publicly disclosed before the patch shipped. The set includes the two Exchange Server zero-days (the pair known as ProxyNotShell) that had been under attack since late September. Note that the Exchange fixes are delivered in the Exchange Server Security Updates, not through the regular Windows update, so an Exchange host needs both. The fixes include the following:
CVE-2022-41128 is a remote code execution vulnerability in the Windows scripting languages (the JScript9 engine). For it to work, a user on an unpatched Windows system has to connect to a malicious server share or website that the attacker controls, so the attacker has to lure the victim there, typically with a phishing message or link; once the crafted page is loaded, the attacker's code runs with the privileges of the user.
CVE-2022-41091 is a Windows Mark of the Web (MOTW) security feature bypass. MOTW is the Zone.Identifier tag that Windows writes on files that came from the Internet, and features such as Office Protected View and SmartScreen key on that tag. An attacker could build a specially crafted ZIP archive whose extracted files never receive the tag, so a document opened from it skips Protected View and the other MOTW-dependent protections, which Microsoft describes as a limited loss of integrity and availability of those security features. This was the publicly disclosed one of the six.
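The following PowerShell is an added example (not code from the original article or from Microsoft) showing what the MOTW tag described above actually is and how to check for its absence: it reads the Zone.Identifier alternate data stream on each file under a directory and reports the zone. The demo directory under $env:TEMP and the file names are assumptions.

```powershell
# Added example, not from the original article or Microsoft: inspect the Mark of the Web
# tag (the Zone.Identifier alternate data stream) on files and report which ones lack it.
# The demo directory under $env:TEMP and its file names are assumptions.

function Get-MotwStatus {
    param(
        [Parameter(Mandatory)] [string] $Path   # file or directory to inspect (NTFS only)
    )
    Get-ChildItem -LiteralPath $Path -File -Recurse | ForEach-Object {
        $file = $_
        # Reading the Zone.Identifier stream returns nothing when the tag is absent.
        $ads = Get-Content -LiteralPath $file.FullName -Stream Zone.Identifier -ErrorAction SilentlyContinue
        $zoneId = $null
        foreach ($line in @($ads)) {
            if ($line -match '^ZoneId=(\d+)') { $zoneId = [int]$Matches[1]; break }
        }
        [pscustomobject]@{
            File      = $file.FullName
            HasMotw   = ($null -ne $zoneId)
            ZoneId    = $zoneId
            # Zones 3 (Internet) and 4 (Restricted) are what Protected View and SmartScreen act on.
            Untrusted = ($null -ne $zoneId -and $zoneId -ge 3)
        }
    }
}

# Demo: two constructed files, one stamped the way a browser download would be, one not.
$demo = Join-Path $env:TEMP 'motw-demo'
New-Item -ItemType Directory -Path $demo -Force | Out-Null
Set-Content -LiteralPath (Join-Path $demo 'tagged.docx')   -Value 'constructed content'
Set-Content -LiteralPath (Join-Path $demo 'untagged.docx') -Value 'constructed content'
Set-Content -LiteralPath (Join-Path $demo 'tagged.docx') -Stream Zone.Identifier -Value "[ZoneTransfer]`r`nZoneId=3"

Get-MotwStatus -Path $demo | Format-Table -AutoSize
# A file the user just extracted from an Internet-sourced archive should show HasMotw=True;
# HasMotw=False on such a file is exactly the condition the CVE-2022-41091 bypass produced.
```

Run it on a user's Downloads folder after they have extracted an archive from the web: extracted files that show HasMotw=False are the ones Office will open without Protected View. Unblock-File removes the tag and is what users do when they "unblock" a download, so an absent tag is not proof of a bypass on its own.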
CVE-2022-41073, the Windows Print Spooler Elevation of Privilege Vulnerability, was discovered by the Microsoft Threat Intelligence Center (MSTIC). An attacker who already has a foothold on a machine can use it to gain SYSTEM privileges, the highest local privilege level, and take full control of that host. That does not by itself grant access to every file on the network, but SYSTEM on a domain-joined machine is the usual starting point for credential theft and lateral movement, which is why spooler bugs keep being exploited. It is one of the six zero-days fixed in this update; the spooler service should be disabled on servers that do not print.
The Windows CNG Key Isolation Service Elevation of Privilege Vulnerability, CVE-2022-41125, is similar in effect to the Print Spooler vulnerability (CVE-2022-41073): in both cases a local attacker can elevate to SYSTEM privileges. The CNG Key Isolation service (KeyIso) is the process that holds private keys on behalf of applications, which makes it an attractive target.
CVE-2022-41040, the Microsoft Exchange Server Elevation of Privilege Vulnerability, is a server-side request forgery in the Exchange front end. The attacker does not need administrator rights: any authenticated user, meaning a valid mailbox credential, can exploit it, and the privilege it yields is the ability to run PowerShell in the context of the system, which is the first step of the ProxyNotShell chain. The vulnerability was first reported by GTSC and disclosed through Trend Micro's Zero Day Initiative.
CVE-2022-41082, the Microsoft Exchange Server Remote Code Execution Vulnerability, was also reported by GTSC. It targets the server's own accounts: an authenticated attacker (or one who reaches the PowerShell endpoint through CVE-2022-41040) can send a crafted network request that executes malicious code in the context of the server's account. Together the two give an attacker with one set of mailbox credentials code execution on the Exchange server.
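The PowerShell below is an added example, not code from the original article, GTSC or Microsoft, that covers the two Exchange vulnerabilities above from the defender's side: it scans IIS W3C log lines for the autodiscover.json-plus-powershell request shape the chain uses, lists the URL Rewrite rules on the front-end site to confirm the blocking mitigation is present, and compares the installed Exchange build against a minimum. The log excerpt is constructed, and the site name, log field layout and build number passed in are assumptions to adapt to your environment.

```powershell
# Added example, not from the original article, GTSC or Microsoft: triage helpers for the
# ProxyNotShell pair, CVE-2022-41040 (SSRF/EoP) and CVE-2022-41082 (RCE).
# The log excerpt is constructed; the site name and build number are assumptions.

# Detection: the chain sends requests to /autodiscover/autodiscover.json whose query smuggles
# a "powershell" path segment. Parse IIS W3C logs by their #Fields header so column order does
# not matter, and flag any request that carries both tokens.
function Find-ProxyNotShellRequests {
    param([Parameter(Mandatory)] [string[]] $LogLines)
    $fields = $null
    foreach ($line in $LogLines) {
        if ($line.StartsWith('#Fields:')) { $fields = $line.Substring(8).Trim() -split '\s+'; continue }
        if ($line.StartsWith('#') -or -not $fields -or [string]::IsNullOrWhiteSpace($line)) { continue }
        $values = $line -split ' '
        if ($values.Count -ne $fields.Count) { continue }
        $rec = @{}
        for ($i = 0; $i -lt $fields.Count; $i++) { $rec[$fields[$i]] = $values[$i] }
        $uri = ($rec['cs-uri-stem'] + '?' + $rec['cs-uri-query']).ToLowerInvariant()
        # Same condition as Microsoft's URL Rewrite mitigation: (?=.*autodiscover)(?=.*powershell)
        if ($uri -match 'autodiscover\.json' -and $uri -match 'powershell') {
            [pscustomobject]@{
                Time     = $rec['date'] + ' ' + $rec['time']
                ClientIp = $rec['c-ip']
                User     = $rec['cs-username']
                Status   = $rec['sc-status']
                Uri      = $uri
            }
        }
    }
}

# Constructed sample log: one normal OWA hit, one exploitation attempt, one legitimate Autodiscover call.
$sampleLog = @'
#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status
2022-11-08 10:15:02 10.0.0.5 GET /owa/ - 443 - 203.0.113.7 Mozilla/5.0 200
2022-11-08 10:15:09 10.0.0.5 POST /autodiscover/autodiscover.json @example.com/powershell&Email=autodiscover/autodiscover.json%3f@example.com 443 corp\lowpriv 203.0.113.7 python-requests/2.28 200
2022-11-08 10:16:41 10.0.0.5 GET /autodiscover/autodiscover.json Email=user@corp.example 443 corp\user 198.51.100.4 Outlook/16.0 200
'@ -split '\r?\n'

Find-ProxyNotShellRequests -LogLines $sampleLog | Format-Table -AutoSize
# Flags only the second line: a low-privilege authenticated user reaching autodiscover.json with
# "powershell" smuggled into the query, answered with 200. That is the CVE-2022-41040 step.

# Mitigation check: list URL Rewrite rules on the front-end site and flag the one that blocks the
# autodiscover/powershell pattern. Needs the WebAdministration module on the Exchange server;
# 'Default Web Site' is the usual front-end site name (assumption).
function Get-ProxyNotShellRewriteRules {
    param([string] $Site = 'Default Web Site')
    Import-Module WebAdministration -ErrorAction Stop
    Get-WebConfiguration -PSPath "IIS:\Sites\$Site" -Filter 'system.webServer/rewrite/rules/rule' |
        ForEach-Object {
            # A Request Blocking rule matches url ".*" and carries the pattern in its condition.
            $pattern = "$($_.match.url) $($_.conditions.Collection.pattern)"
            [pscustomobject]@{
                Rule    = $_.name
                Pattern = $pattern
                Blocks  = ($pattern -match 'autodiscover' -and $pattern -match 'powershell')
            }
        }
}

# Patch check: the Exchange fixes ship in the Exchange Security Update, not Windows Update, so
# compare the ExSetup.exe file version with the November 2022 SU build for your CU, taken from
# Microsoft's Exchange build-number table. The value passed below is an assumption to verify there.
function Test-ExchangeBuild {
    param([Parameter(Mandatory)] [version] $MinimumBuild)
    $exsetup = Get-Command ExSetup.exe -ErrorAction SilentlyContinue   # on PATH on Exchange servers
    if (-not $exsetup) { return [pscustomobject]@{ Installed = $null; Patched = $false } }
    $installed = [version] $exsetup.FileVersionInfo.FileVersion
    [pscustomobject]@{ Installed = $installed; Patched = ($installed -ge $MinimumBuild) }
}

# On an Exchange 2019 CU12 server, for example:
# Get-ProxyNotShellRewriteRules | Format-Table -AutoSize
# Test-ExchangeBuild -MinimumBuild '15.2.1118.20'
```

The log scan is the useful part for incident response: feed it the contents of the front-end site's IIS log files (Get-Content on each file under the W3SVC1 directory) and any hit from an unfamiliar client IP or user agent deserves a look at that mailbox's credentials. The rewrite-rule check only tells you the interim mitigation is in place; it is not a substitute for the Security Update, which is why the build check sits beside it.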