Microsoft fixes many zero-days under attack

November 2022 Patch Tuesday is here, with fixes for many vulnerabilities actively exploited in the wild, including CVE-2022-41091, a Windows Mark of the Web bypass flaw, and the ProxyNotShell MS Exchange vulnerabilities.
"In all cases an attacker would have no way to force a user to view attacker-controlled content. Instead, an attacker would have to convince a user to take action. For example, an attacker could entice a user to either click a link that directs the user to the attacker's site or send a malicious attachment," Microsoft says. But as security researcher Kevin Beaumont recently noted, the flaw has been successfully exploited by different attackers in the wild for months.
According to Beaumont, another MOTW bypass vulnerability fixed this Patch Tuesday is being exploited in the wild - though Microsoft didn't confirm it.
"An attack would need to lure a user to either a specially crafted website or server share. In doing so, they would get their code to execute on an affected system at the level of the logged-on user," commented Dustin Childs, with Trend Micro's Zero Day Initiative.
Obviously, the "ProxyNotShell" Microsoft Exchange Server flaws need to be patched as soon as possible, both because they are being exploited in the wild and because Microsoft has stumbled with the mitigations it provided.
Finally, CVE-2022-38023 is not being exploited, but a fix for it should be implemented before Microsoft enforces the necessary updates in July 2023.
News URL
https://www.helpnetsecurity.com/2022/11/08/cve-2022-41091-november-2022-patch-tuesday/
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-11-09 | CVE-2022-41091 | Unspecified vulnerability in Microsoft products Windows Mark of the Web Security Feature Bypass Vulnerability | 5.4 |
2022-11-09 | CVE-2022-38023 | Netlogon RPC Elevation of Privilege Vulnerability | 0.0 |