It is no surprise that Microsoft’s products are on the hit list of cyber attacks, given the steadily increasing number of zero-day attacks against them. It is the second time in two months that the reputed software maker has released patches to fix already exploited zero-days in its scheduled Patch Tuesday update. The company urged Windows Administrators to install the updates urgently.
The details of these flaws and the subsequent fixes are as follows:
Microsoft Fixes Crucial Flaws in Patch Tuesday Update
According to the tech giant, in its monthly security update, Patch Tuesday, the company has released patches for 68 vulnerabilities, including six unique, actively exploited zero-days. These flaws were flagged in the Exploitation Category. This includes two fixes for Exchange Server security flaws that a state-sponsored entity exploited for several months.
Twelve flaws were marked Critical, two of which were rated High, whereas fifty-five were rated Important in severity. The company also released patches for weaknesses fixed the previous week by OpenSSL.
Microsoft separately fixed another actively exploited vulnerability, CVE-2022-3723. It was detected in Chromium-based browsers.
Zero-Days Details
Microsoft’s security response team described four new and already exploited zero-days tracked as CVE-2022-41125, CVE-2022-41073, CVE-2022-41091, and CVE-2022-41128.
The CVE-2022-41128 was detected by Google TAG’s Benoît Sevens and Clément Lecigne, found in the Jscript9 component. It occurred when the target was lured to visit a malicious website.
The CVE-2022-41091 is a security bypass flaw in Windows MoTW (Mark of the Web), which was recently discovered to be weaponized by the Magniber ransomware actor, and users were targeted with fake software updates. A malicious file could help the attacker evade MoTW defenses that lead to loss of integrity and security features like MS Office’s Protected View, Microsoft’s advisory read.
Microsoft Exchange Server Vulnerabilities
In addition, they also patched two Microsoft Exchange server flaws tracked as CVE-2022-41040 and CVE-2022-41082. These exploits were used for privilege escalation, RCE (remote code execution), and feature bypassing.
The first four flaws impacted the Windows CNG Key Isolation Service, the Windows Print Spooler, Windows Mark of the Web Security, and Windows Scripting Languages. The other two flaws that affected Exchange Server entailed an RCE, and a privilege escalation bug, which was actually part of an extended exploit chain that Microsoft believes was exploited by a state-sponsored threat actor.
According to Microsoft, due to security issues, at least ten organizations have been targeted. Both flaws are documented as SSRF (server-side request forgery) issues.
Critical Vulnerabilities Fixed in November
Other Critical-rated vulnerabilities were privilege escalation flaws discovered in Windows Kerberos RC4-HMAC (CVE-2022-37966), Kerberos (CVE-2022-37967), and Microsoft Exchange Server (CVE-2022-41080). Moreover, a denial-of-service flaw was also fixed that impacted Windows Hyper-V (CVE-2022-38015).
