Microsoft has released fixes for 85 vulnerabilities as part of the October 2022 Patch Tuesday, including 15 that are rated critical and one listed as being exploited in the wild.
However, the company has yet to release patches for the two Exchange vulnerabilities that were reported as being actively exploited last week. Admins should continue to follow Microsoft’s guidance on workarounds until official fixes are released.
In the meantime, IT admins still have a number of vulnerabilities to prioritize this month.
CVE-2022-41033 – Windows COM+ Event System Service Elevation of Privilege Vulnerability
According to Microsoft, this bug in Windows COM+ Event System Service could give an attacker SYSTEM privileges. The CVSS score of 7.8 isn’t all that high, but since it is being actively exploited, this is one admins should prioritize, says Satnam Narang, senior staff research engineer at vulnerability management company Tenable.
The Windows COM+ Event System Service enables system event notifications for COM+ components. An authenticated attacker could execute a specially crafted application designed to exploit the bug on a vulnerable system and gain SYSTEM privileges.
This is likely paired with a code execution bug that involves some level of social engineering.
“Microsoft reports that this vulnerability has been exploited in the wild, though no specific details have been shared about its exploitation,” Narang says. “It was reported to Microsoft by an anonymous individual. While elevation of privilege vulnerabilities require an attacker to gain access to a system through other means, they are still a valuable tool in an attacker’s toolbox.”
CVE-2022-37968 – Azure Arc-enabled Kubernetes cluster Connect Elevation of Privilege Vulnerability
Nearly half of the bugs Microsoft fixed this month are elevation of privilege bugs, including this one, which could allow an attacker to gain administrative control over Azure Arc-enabled Kubernetes clusters. According to Zero Day Initiative, Azure Stack Edge devices may also be impacted.
To exploit the bug remotely, attackers would first need to know the randomly
CVE-2022-38028 – Windows Print Spooler elevation of privilege vulnerability
This is yet another elevation of privilege flaw in Windows Print Spooler. Successful exploitation would allow an attacker to gain SYSTEM privileges. Print Spooler bugs are nothing new, but this one was reported to Microsoft by the National Security Agency, the third such bug credited to the agency this year. With that in mind, make sure this one is also prioritized, Tenable researchers say.
CVE-2022-38048 – Microsoft Office Remote Code Execution Vulnerability
This is another critical-rated bug highlighted by ZDI, although the organization notes that Office bugs aren’t typically rated this high since they usually require user interaction. The rating could result from the lack of warning dialogs when opening a specially crafted file. The flaw could allow an arbitrary pointer to be passed to a free call, which makes further memory corruption possible, ZDI notes.
CVE-2022-37976 – Active Directory Certificate Services elevation of privilege vulnerability
Another bug highlighted by Tenable researchers, this elevation of privilege flaw could result in a malicious Distributed Component Object Model (DCOM) client being used to entice a DCOM server to authenticate to the client, allowing an attacker to perform a cross-protocol attack and gain domain admin privileges.
Tenable researchers note that ransomware groups often seek out flaws and misconfigurations in Active Directory to spread malicious payloads across a victim’s network.
For more information and a complete list of the October 2022 Patch Tuesday updates, read these blogs from Tenable and ZDI.