• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer

My TechDecisions

  • Best of Tech Decisions
  • Topics
    • Video
    • Audio
    • Mobility
    • Unified Communications
    • IT Infrastructure
    • Network Security
    • Physical Security
    • Facility
    • Compliance
  • RFP Resources
  • Resources
  • Podcasts
  • Project of the Week
  • About Us
    SEARCH
Compliance, IT Infrastructure, Network Security, News

November 2022 Patch Tuesday: Four Actively Exploited Zero Days

Microsoft’s November 2022 Patch Tuesday includes fixes for four actively exploited zero-day vulnerabilities.

November 8, 2022 Zachary Comeau Leave a Comment

June 2023 Patch Tuesday. Patch Tuesday,

Microsoft’s November 2022 Patch Tuesday is a particularly important one, as the company has released fixes for four zero-day vulnerabilities, all of which are currently being exploited in the wild.

In total, the Redmond, Wash. software giant has released fixes for 62 security bugs, including nine rated critical and 53 rated important.

Here’s a look at some of the notable ones, including those four zero-days:

CVE-2022-41073 – Elevation of Privilege in Windows Print Spooler

Yet another vulnerability in Windows Print Spooler is patched this month, but this one stands out because it is the first such bug to be exploited in the wild by attackers. Several Print Spooler flaws have been patched since the PrintNightmare bugs from summer 2022, and it appears that attackers are catching on.

“We’ve long warned that once Pandora’s box was open with PrintNightmare, flaws within Windows Print Spooler would come back to haunt organizations, and based on the success ransomware groups and other threat actors have had with PrintNightmare, a continued focus on the ubiquitous nature of Windows Print Spooler makes it one of the most attractive targets for privilege escalation and remote code execution,” says Satnam Narang, senior staff research engineer at Tenable.

Zero Day Initiative (ZDI) advises that disabling Print Spooler should be an effective workaround if users can deal with printing issues.

CVE-2022-41128 – Remote Code Execution in the Windows Sprinting Language

This bug affects Microsoft’s Jscript9 scripting language and requires user interaction, meaning an attacker would need to convince a victim running a vulnerable version of Windows to visit a specially crafted server share or website through some type of social engineering, according to Narang.

According to ZDI, the attacker could execute their code on an affected system at the level of the logged-on user.

CVE-2022-41125 – Windows CNG Key Isolation Service Elevation of Privilege

This is another actively exploited bug, an elevation of privilege vulnerability in the Windows Cryptography API: Next Generation (CNG) Key Isolation Service. This is a service for isolating private keys hosted in the Local Security Authority (LSA) process. Exploitation of this vulnerability could grant an attacker SYSTEM privileges.

ZDI notes that an attacker would need to be authenticated, so it is likely paired with a remote code execution bug.

CVE-2022-41091 – Windows Mark of the Web Security Feature Bypass

This is one of two security feature bypass vulnerabilities in Windows Mark of the Web (MoTW), a feature designed to flag files that have been downloaded from the internet and prompts users with a security warning. This is being actively exploited, so it’s another one to prioritize.

Narang, citing HP researchers, says this bug was recently discovered as being exploited in the wild by the Magniber ransomware group as fake software updates.

CVE-2022-41040 and CVE-2022-41082 – Microsoft Exchange Server Elevation of Privilege and Remote Code Execution

Microsoft has finally fixed these bugs, collectively known as ProxyNotShell. They are also being actively exploited in the wild, and can result in hands-on-keyboard access and Active Directory reconnaissance and data exfiltration. Read this article for more information.

Read blogs from ZDI and Tenable and Microsoft’s Security Update Guide for more information on these vulnerabilities and others included in the November 2022 Patch Tuesday updates.

If you enjoyed this article and want to receive more valuable industry content like this, click here to sign up for our digital newsletters!

Tagged With: Microsoft, Patch Tuesday

Related Content:

  • Cloud, SASE, Aryaka How the Cloud is Redefining Media Production and…
  • Singlewire Software mass notification interview Singlewire Software on Mass Notification Solutions
  • URI catchbox 1 Catchbox Plus: The Mic Solution That Finally Gave…
  • Engaging virtual meeting with diverse participants discussing creative ideas in a bright office space during daylight hours Diversified Survey: Workplace AV Tech is Falling Short,…

Free downloadable guide you may like:

  • Practical Design Guide for Office SpacesPractical Design Guide for Office Spaces

    Recent Gartner research shows that workers prefer to return to the office for in-person meetings for relevant milestones, as well as for face-to-face time with co-workers. When designing the office spaces — and meeting spaces in particular — enabling that connection between co-workers is crucial. But introducing the right collaboration technology in meeting spaces can […]

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Latest Downloads

Practical Design Guide for Office Spaces
Practical Design Guide for Office Spaces

Recent Gartner research shows that workers prefer to return to the office for in-person meetings for relevant milestones, as well as for face-to-fa...

New Camera Can Transform Your Live Production Workflow
New Camera System Can Transform Your Live Production Workflow

Sony's HXC-FZ90 studio camera system combines flexibility and exceptional image quality with entry-level pricing.

Creating Great User Experience and Ultimate Flexibility with Clickshare

Working and collaborating in any office environment today should be meaningful, as workers today go to office for very specific reasons. When desig...

View All Downloads

Would you like your latest project featured on TechDecisions as Project of the Week?

Apply Today!

More from Our Sister Publications

Get the latest news about AV integrators and Security installers from our sister publications:

Commercial IntegratorSecurity Sales

AV-iQ

Footer

TechDecisions

  • Home
  • Welcome to TechDecisions
  • Contact Us
  • Comment Guidelines
  • RSS Feeds
  • Twitter
  • Facebook
  • Linkedin

Free Technology Guides

FREE Downloadable resources from TechDecisions provide timely insight into the issues that IT, A/V, and Security end-users, managers, and decision makers are facing in commercial, corporate, education, institutional, and other vertical markets

View all Guides
TD Project of the Week

Get your latest project featured on TechDecisions Project of the Week. Submit your work once and it will be eligible for all upcoming weeks.

Enter Today!
Emerald Logo
ABOUTCAREERSAUTHORIZED SERVICE PROVIDERSYour Privacy ChoicesTERMS OF USEPRIVACY POLICY

© 2025 Emerald X, LLC. All rights reserved.