Microsoft November 2022 Patch Tuesday fixes 6 exploited zero-days, 68 flaws

Gandalf_The_Grey

Gandalf_The_Grey

Level 76
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,566
Content source
https://www.bleepingcomputer.com/news/microsoft/microsoft-november-2022-patch-tuesday-fixes-6-exploited-zero-days-68-flaws/
Today is Microsoft's November 2022 Patch Tuesday, and with it comes fixes for six actively exploited Windows vulnerabilities and a total of 68 flaws.

Eleven of the 68 vulnerabilities fixed in today's update are classified as 'Critical' as they allow privilege elevation, spoofing, or remote code execution, one of the most severe types of vulnerabilities.

The number of bugs in each vulnerability category is listed below:
  • 27 Elevation of Privilege Vulnerabilities
  • 4 Security Feature Bypass Vulnerabilities
  • 16 Remote Code Execution Vulnerabilities
  • 11 Information Disclosure Vulnerabilities
  • 6 Denial of Service Vulnerabilities
  • 3 Spoofing Vulnerabilities
The above counts do not include two OpenSSL vulnerabilities disclosed on November 2nd.
Click to expand...
www.bleepingcomputer.com

Microsoft November 2022 Patch Tuesday fixes 6 exploited zero-days, 68 flaws

Today is Microsoft's November 2022 Patch Tuesday, and with it comes fixes for six actively exploited Windows vulnerabilities and a total of 68 flaws.
www.bleepingcomputer.com www.bleepingcomputer.com
 
  • Like
  • +Reputation
  • Thanks
Reactions: Nevi, brambedkar59, mkoundo and 4 others
Gandalf_The_Grey

Gandalf_The_Grey

Level 76
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,566
THE NOVEMBER 2022 SECURITY UPDATE REVIEW
Welcome to the penultimate Patch Tuesday of 2021. As expected, Adobe and Microsoft have released their latest security updates and fixes to the world. Take a break from your regularly scheduled activities and join us as we review the details of their latest security offerings.

Adobe Patches for November 2022

For November, Adobe released no patches at all. They’ve released as few as one in the past, but this is the first month in the last six years where they had no fixes at all. Perhaps the U.S. elections play a factor, as Patch Tuesday hasn’t fallen on Election Day since 2016. Whatever the cause, enjoy a month of no Adobe updates.

Microsoft Patches for November 2022

This month, Microsoft released 64 new patches addressing CVEs in Microsoft Windows and Windows Components; Azure and Azure Real Time Operating System; Microsoft Dynamics; Exchange Server; Office and Office Components; SysInternals; Visual Studio; SharePoint Server; Network Policy Server (NPS); Windows BitLocker; and Linux Kernel and Open Source Software. This is in addition to five other CVEs from third parties being integrated into Microsoft products bringing the total number of fixes to 69. Six of these CVEs were submitted through the ZDI program.

Of the 64 new patches released today, nine are rated Critical and 52 are rated Important in severity. This volume is similar to previous November releases. It also pushes Microsoft over the number of fixes they released in 2021 and makes this year their second busiest ever for patches.

One of the new CVEs released this month is listed as publicly known and six others are listed as being in the wild at the time of release, which includes the two Exchange bugs listed as under active attack since September. Let’s take a closer look at some of the more interesting updates for this month, starting with those Exchange fixes we’ve been waiting for:
Click to expand...
www.zerodayinitiative.com

Zero Day Initiative — The November 2022 Security Update Review

Welcome to the penultimate Patch Tuesday of 2021. As expected, Adobe and Microsoft have released their latest security updates and fixes to the world. Take a break from your regularly scheduled activities and join us as we review the details of their latest security offerings. Adobe Patches for No
www.zerodayinitiative.com www.zerodayinitiative.com
 
  • Like
  • +Reputation
Reactions: Nevi, brambedkar59, Moonhorse and 5 others
Gandalf_The_Grey

Gandalf_The_Grey

Level 76
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,566
Microsoft Windows Security Updates November 2022 overview
The following Excel spreadsheet includes the released security updates for Windows and other company products. Just download it with a click on the following link: security-updates-windows-november-2022

Executive Summary​

  • Windows 10 version 22H2, aka the Windows 10 2022 Update, was released this month.
  • There won't be a preview update for the month of December 2022.
  • Microsoft released security updates for all supported client and server versions of Windows.
  • Microsoft released security updates for other company products, including .NET Framework, Azure, Microsoft Dynamics, Microsoft Office, SysInternals, Visual Studio.
  • The following client versions of Windows have known issues: Windows 7, Windows 8.1, Windows 10 version 21H2, Windows 11 version 22H2
  • The following server versions of Windows have known issues: Windows Server 2008, 2008 R2, 2012, 2012 R2, Windows Server 2019
Click to expand...
www.ghacks.net

Microsoft Windows Security Updates November 2022 overview - gHacks Tech News

This is an overview of the security and non-security updates that Microsoft released on the November 2022 Patch Day for Windows.
www.ghacks.net
 
  • Like
  • Thanks
Reactions: Nevi, brambedkar59, Moonhorse and 6 others
silversurfer

silversurfer

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,147
As part of the November Patch Tuesday updates, Microsoft fixed numerous vulnerabilities that allowed threat actors to craft files that can bypass the Mark of the Web security feature.

Included in the updates was an unexpected fix for a bug that threat actors commonly abuse in phishing campaigns.

According to Bill Demirkapi, an engineer in Microsoft MSRC's Vulnerability and Mitigations team, a bug was fixed that prevented the MoTW flag from propagating to files inside an ISO disk image.

Click to expand...

www.bleepingcomputer.com

Microsoft fixes MoTW zero-day used to drop malware via ISO files

Windows has fixed a bug that prevented Mark of the Web flags from propagating to files within downloaded ISO files, dealing a massive blow to malware distributors and developers.
www.bleepingcomputer.com www.bleepingcomputer.com
 
  • Like
  • +Reputation
Reactions: oldschool, Gandalf_The_Grey, Nevi and 4 others
You must log in or register to reply here.

Similar threads

Gandalf_The_Grey
    • Like
    • +Reputation
Microsoft August 2023 Patch Tuesday warns of 2 zero-days, 87 flaws
Replies
2
Views
944
News Archive
Gandalf_The_Grey
Gandalf_The_Grey
Gandalf_The_Grey
    • Like
    • +Reputation
    • Thanks
Microsoft June 2023 Patch Tuesday fixes 78 flaws, 38 RCE bugs
Replies
2
Views
902
News Archive
Gandalf_The_Grey
Gandalf_The_Grey
Gandalf_The_Grey
    • Like
    • +Reputation
    • Thanks
Microsoft May 2023 Patch Tuesday fixes 3 zero-days, 38 flaws
Replies
6
Views
1,692
News Archive
simmerskool
simmerskool

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top