Tech News Microsoft November 2022 Patch Tuesday fixes 6 exploited zero-days, 68 flaws

Gandalf_The_Grey

Level 66
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
5,595
Today is Microsoft's November 2022 Patch Tuesday, and with it comes fixes for six actively exploited Windows vulnerabilities and a total of 68 flaws.

Eleven of the 68 vulnerabilities fixed in today's update are classified as 'Critical' as they allow privilege elevation, spoofing, or remote code execution, one of the most severe types of vulnerabilities.

The number of bugs in each vulnerability category is listed below:
  • 27 Elevation of Privilege Vulnerabilities
  • 4 Security Feature Bypass Vulnerabilities
  • 16 Remote Code Execution Vulnerabilities
  • 11 Information Disclosure Vulnerabilities
  • 6 Denial of Service Vulnerabilities
  • 3 Spoofing Vulnerabilities
The above counts do not include two OpenSSL vulnerabilities disclosed on November 2nd.
 

Gandalf_The_Grey

Level 66
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
5,595
THE NOVEMBER 2022 SECURITY UPDATE REVIEW
Welcome to the penultimate Patch Tuesday of 2021. As expected, Adobe and Microsoft have released their latest security updates and fixes to the world. Take a break from your regularly scheduled activities and join us as we review the details of their latest security offerings.

Adobe Patches for November 2022

For November, Adobe released no patches at all. They’ve released as few as one in the past, but this is the first month in the last six years where they had no fixes at all. Perhaps the U.S. elections play a factor, as Patch Tuesday hasn’t fallen on Election Day since 2016. Whatever the cause, enjoy a month of no Adobe updates.

Microsoft Patches for November 2022

This month, Microsoft released 64 new patches addressing CVEs in Microsoft Windows and Windows Components; Azure and Azure Real Time Operating System; Microsoft Dynamics; Exchange Server; Office and Office Components; SysInternals; Visual Studio; SharePoint Server; Network Policy Server (NPS); Windows BitLocker; and Linux Kernel and Open Source Software. This is in addition to five other CVEs from third parties being integrated into Microsoft products bringing the total number of fixes to 69. Six of these CVEs were submitted through the ZDI program.

Of the 64 new patches released today, nine are rated Critical and 52 are rated Important in severity. This volume is similar to previous November releases. It also pushes Microsoft over the number of fixes they released in 2021 and makes this year their second busiest ever for patches.

One of the new CVEs released this month is listed as publicly known and six others are listed as being in the wild at the time of release, which includes the two Exchange bugs listed as under active attack since September. Let’s take a closer look at some of the more interesting updates for this month, starting with those Exchange fixes we’ve been waiting for:
 

Gandalf_The_Grey

Level 66
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
5,595
Microsoft Windows Security Updates November 2022 overview
The following Excel spreadsheet includes the released security updates for Windows and other company products. Just download it with a click on the following link: security-updates-windows-november-2022

Executive Summary​

  • Windows 10 version 22H2, aka the Windows 10 2022 Update, was released this month.
  • There won't be a preview update for the month of December 2022.
  • Microsoft released security updates for all supported client and server versions of Windows.
  • Microsoft released security updates for other company products, including .NET Framework, Azure, Microsoft Dynamics, Microsoft Office, SysInternals, Visual Studio.
  • The following client versions of Windows have known issues: Windows 7, Windows 8.1, Windows 10 version 21H2, Windows 11 version 22H2
  • The following server versions of Windows have known issues: Windows Server 2008, 2008 R2, 2012, 2012 R2, Windows Server 2019
 

silversurfer

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
8,431
As part of the November Patch Tuesday updates, Microsoft fixed numerous vulnerabilities that allowed threat actors to craft files that can bypass the Mark of the Web security feature.

Included in the updates was an unexpected fix for a bug that threat actors commonly abuse in phishing campaigns.

According to Bill Demirkapi, an engineer in Microsoft MSRC's Vulnerability and Mitigations team, a bug was fixed that prevented the MoTW flag from propagating to files inside an ISO disk image.


 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top