
Microsoft Patch Tuesday - October 2022

Issued: Thursday, 13 October, 2022
Last Revision: Thursday, 13 October, 2022
Vendor: 
Severity Level: 
Summary: 

Microsoft released patches for 84 CVEs, with 13 rated as critical and 71 rated as important.

 

The actively exploited zero-day vulnerability fixed today is tracked as CVE-2022-41033, a Windows COM+ Event System Service Elevation of Privilege vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

 

Microsoft has not released security updates for the two actively exploited Microsoft Exchange zero-day vulnerabilities tracked as CVE-2022-41040 and CVE-2022-41082, also dubbed ProxyNotShell. For mitigation, organizations must follow the workaround provided by Microsoft, listed under "REFERENCES".

 

 

 

| CVE/Vulnerability | Description | CVSS Score | Exploitable |
|---|---|---|---|
| CVE-2022-38000 | Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | 8.1 | No |
| CVE-2022-37982 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 8.8 | No |
| CVE-2022-37976 | Active Directory Certificate Services Elevation of Privilege Vulnerability | 8.8 | No |
| CVE-2022-38016 | Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability | 8.8 | No |
| CVE-2022-38040 | Microsoft ODBC Driver Remote Code Execution Vulnerability | 8.8 | No |
| CVE-2022-41033 | Windows COM+ Event System Service Elevation of Privilege Vulnerability | 7.8 | Yes |
| CVE-2022-37979 | Windows Hyper-V Elevation of Privilege Vulnerability | 7.8 | No |
| CVE-2022-38041 | Windows Secure Channel Denial of Service Vulnerability | 7.5 | No |
| CVE-2022-41038 | Microsoft SharePoint Server Remote Code Execution Vulnerability | 8.8 | No |
| CVE-2022-38049 | Microsoft Office Graphics Remote Code Execution Vulnerability | 7.8 | No |
| CVE-2022-37968 | Azure Arc-enabled Kubernetes cluster Connect Elevation of Privilege Vulnerability | 10 | No |
| CVE-2022-34689 | Windows CryptoAPI Spoofing Vulnerability | 7.5 | No |
| CVE-2022-33634 | Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | 8.1 | No |
| CVE-2022-22035 | Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | 8.1 | No |
| CVE-2022-24504 | Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | 8.1 | No |
| CVE-2022-38047 | Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | 8.1 | No |
| CVE-2022-41081 | Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | 8.1 | No |
| CVE-2022-30198 | Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | 8.1 | No |

Table 1: Vulnerability details

 

 

Security Update Types

| Affected Product(s) |
|---|
| Active Directory Domain Services |
| Azure |
| Azure Arc |
| Client Server Run-time Subsystem (CSRSS) |
| Microsoft Edge (Chromium-based) |
| Microsoft Graphics Component |
| Microsoft Office |
| Microsoft Office SharePoint |
| Microsoft Office Word |
| Microsoft WDAC OLE DB provider for SQL |
| NuGet Client |
| Remote Access Service Point-to-Point Tunneling Protocol |
| Role: Windows Hyper-V |
| Service Fabric |
| Visual Studio Code |
| Windows Active Directory Certificate Services |
| Windows ALPC |
| Windows CD-ROM Driver |
| Windows COM+ Event System Service |
| Windows Connected User Experiences and Telemetry |
| Windows CryptoAPI |
| Windows Defender |
| Windows DHCP Client |
| Windows Distributed File System (DFS) |
| Windows DWM Core Library |
| Windows Event Logging Service |
| Windows Group Policy |
| Windows Group Policy Preference Client |
| Windows Internet Key Exchange (IKE) Protocol |
| Windows Kernel |
| Windows Local Security Authority (LSA) |
| Windows Local Security Authority Subsystem Service (LSASS) |
| Windows Local Session Manager (LSM) |
| Windows NTFS |
| Windows NTLM |
| Windows ODBC Driver |
| Windows Perception Simulation Service |
| Windows Point-to-Point Tunneling Protocol |
| Windows Portable Device Enumerator Service |
| Windows Print Spooler Components |
| Windows Resilient File System (ReFS) |
| Windows Secure Channel |
| Windows Security Support Provider Interface |
| Windows Server Remotely Accessible Registry Keys |
| Windows Server Service |
| Windows Storage |
| Windows TCP/IP |
| Windows USB Serial Driver |
| Windows Web Account Manager |
| Windows Win32K |
| Windows WLAN Service |
| Windows Workstation Service |

Table 2: Vulnerable versions

 

Recommendation: 

Organizations are strongly encouraged to apply patches as soon as possible, particularly patches for exploited vulnerability and other critical vulnerabilitie