Microsoft has just released the security bulletin for October month’s ‘Patch Tuesday’ project. The security bulletin shares details of 84 vulnerabilities.
Out of these 84 vulnerabilities there are:
- 13 CRITICAL vulnerabilities
- 2 zero-day threats
- 14 vulnerabilities that are ‘more likely to be exploited’.
We focus our attention on the zero-day threats for the month of October 2022.
Zero day threats in October security update:
CVE-2022-41033 – Windows COM+ Event System Service Elevation of Privilege Vulnerability
This is a CVSS 7.8 vulnerability with ‘IMPORTANT’ severity rating. It affects Windows Server 2012, Windows Server 2012 R2, Windows Server 2016, Windows Server 2019, Windows Server 2022, Windows 10 (all versions) and Windows 11 (all versions). The corresponding ‘Server Core’ installation editions are also affected by this vulnerability.
An attacker could assume system privileges upon a successful attack.
CVE-2022-41033 is being already exploited. Installing the October security updates provides protection against this ‘EoP’ or ‘Elevation of Privilege’ attack.
CVE-2022-30134 – Microsoft Exchange Information Disclosure Vulnerability
This is a CVSS 6.5 vulnerability with ‘IMPORTANT’ severity level. CVE-2022-30134 affects the following Microsoft Exchange versions:
- Microsoft Exchange Server 2019 Cumulative update 11
- Microsoft Exchange Server 2019 Cumulative update 12
- Microsoft Exchange Server 2016 Cumulative update 22
- Microsoft Exchange Server 2016 Cumulative update 23
- Microsoft Exchange Server 2013 Cumulative update 23
Any authenticated user can cause the security exploitation and read through emails on the Exchange server, thus causing an ‘information disclosure’ impact.
More details about the Exchange Server vulnerability can be found on the Exchange server blog on this page.
CRITICAL vulnerabilities in October Security updates
The following 13 vulnerabilities have CRITICAL severity levels.
| Vulnerability | CVSS Rating | Comments |
|---|---|---|
| CVE-2022-22035 | 8.1 | Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability |
| CVE-2022-30198 | 8.1 | Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability |
| CVE-2022-34689 | 7.5 | Windows CryptoAPI Spoofing Vulnerability |
| CVE-2022-37976 | 7.8 | Windows Common Log File System Driver Elevation of Privilege Vulnerability |
| CVE-2022-33634 | 8.1 | Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability |
| CVE-2022-24504 | 8.1 | Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability |
| CVE-2022-37979 | 7.8 | Windows Hyper-V Elevation of Privilege Vulnerability |
| CVE-2022-37968 | 10 | Azure Arc-enabled Kubernetes cluster Connect Elevation of Privilege Vulnerability |
| CVE-2022-41081 | 8.1 | Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability |
| CVE-2022-41038 | 8.8 | Microsoft SharePoint Server Remote Code Execution Vulnerability |
| CVE-2022-38000 | 8.1 | Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability |
| CVE-2022-38048 | 7.8 | Microsoft Office Remote Code Execution Vulnerability |
| CVE-2022-38047 | 8.1 | Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability |
Of these vulnerabilities, the Azure Kubernetes vulnerability has a CVSS score of 10 and needs immediate patching for the Kubernetes cluster on Microsoft Azure cloud platform.
Apart from the above-stated zero-day threats and CRITICAL vulnerabilities, the following vulnerabilities have a high chance of being exploited:
- CVE-2022-38053 – Microsoft SharePoint Server Remote Code Execution Vulnerability
- CVE-2022-38051 – Windows Graphics Component Elevation of Privilege Vulnerability
- CVE-2022-38050 – Win32k Elevation of Privilege Vulnerability
- CVE-2022-38028 – Windows Print Spooler Elevation of Privilege Vulnerability
- CVE-2022-37997 – Windows Graphics Component Elevation of Privilege Vulnerability
- CVE-2022-37989 – Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability
- CVE-2022-37987 – Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability
- CVE-2022-37974 – Windows Mixed Reality Developer Tools Information Disclosure Vulnerability
- CVE-2022-37970 – Windows DWM Core Library Elevation of Privilege Vulnerability
- CVE-2022-34689 – Windows CryptoAPI Spoofing Vulnerability
- CVE-2022-24516 – Microsoft Exchange Server Elevation of Privilege Vulnerability
- CVE-2022-24477 – Microsoft Exchange Server Elevation of Privilege Vulnerability
- CVE-2022-21980 – Microsoft Exchange Server Elevation of Privilege Vulnerability
Some of these vulnerabilities were detected in the past. However, all these vulnerabilities have received fresh updates as part of the October 11 ‘Patch Tuesday’ updates.
Most of these security issues can be resolved by installing this month’s latest cumulative updates or the latest security updates on the Windows servers and workstations.
Rajesh Dhawan is a technology professional who loves to blog about smart wearables, Cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.