Security News > 2022 > November > Microsoft fixes many zero-days under attack

November 2022 Patch Tuesday is here, with fixes for many vulnerabilities actively exploited in the wild, including CVE-2022-41091, a Windows Mark of the Web bypass flaw, and the ProxyNotShell MS Exchange vulnerabilities.

"In all cases an attacker would have no way to force a user to view attacker-controlled content. Instead, an attacker would have to convince a user to take action. For example, an attacker could entice a user to either click a link that directs the user to the attacker's site or send a malicious attachment," Microsoft says, but as security researcher Kevin Beaumont recently noted, it has been successfully exploited by different attackers in the wild for months.

According to Beaumont, another MOTW bypass vulnerability fixed this Patch Tuesday is being exploited in the wild - though Microsoft didn't confirm it.

"An attack would need to lure a user to either a specially crafted website or server share. In doing so, they would get their code to execute on an affected system at the level of the logged-on user," commented Dustin Childs, with Trend Micro's Zero Day Initiative.

Obviously, the "ProxyNotShell" Microsoft Exchange Server flaws need to be patched as soon as possible due to in-the-wild exploitation, and the fact that Microsoft has stumbled with the provided mitigations.

Finally, CVE-2022-38023 is not being exploited, but a fix for it should be implemented before Microsoft enforces the necessary updates in July 2023.

News URL

https://www.helpnetsecurity.com/2022/11/08/cve-2022-41091-november-2022-patch-tuesday/