Security News > 2022 > November > Microsoft fixes many zero-days under attack

November 2022 Patch Tuesday is here, with fixes for many vulnerabilities actively exploited in the wild, including CVE-2022-41091, a Windows Mark of the Web bypass flaw, and the ProxyNotShell MS Exchange vulnerabilities.
"In all cases an attacker would have no way to force a user to view attacker-controlled content. Instead, an attacker would have to convince a user to take action. For example, an attacker could entice a user to either click a link that directs the user to the attacker's site or send a malicious attachment," Microsoft says, but as security researcher Kevin Beaumont recently noted, it has been successfully exploited by different attackers in the wild for months.
According to Beaumont, another MOTW bypass vulnerability fixed this Patch Tuesday is being exploited in the wild - though Microsoft didn't confirm it.
"An attack would need to lure a user to either a specially crafted website or server share. In doing so, they would get their code to execute on an affected system at the level of the logged-on user," commented Dustin Childs, with Trend Micro's Zero Day Initiative.
Obviously, the "ProxyNotShell" Microsoft Exchange Server flaws need to be patched as soon as possible due to in-the-wild exploitation, and the fact that Microsoft has stumbled with the provided mitigations.
Finally, CVE-2022-38023 is not being exploited, but a fix for it should be implemented before Microsoft enforces the necessary updates in July 2023.
News URL
https://www.helpnetsecurity.com/2022/11/08/cve-2022-41091-november-2022-patch-tuesday/
Related news
- New ClickFix attack deploys Havoc C2 via Microsoft Sharepoint (source)
- Broadcom fixes three VMware zero-days exploited in attacks (source)
- Microsoft March 2025 Patch Tuesday fixes 7 zero-days, 57 flaws (source)
- Apple fixes WebKit zero-day exploited in ‘extremely sophisticated’ attacks (source)
- Apple Releases Patch for WebKit Zero-Day Vulnerability Exploited in Targeted Attacks (source)
- URGENT: Microsoft Patches 57 Security Flaws, Including 6 Actively Exploited Zero-Days (source)
- Microsoft patches Windows Kernel zero-day exploited since 2023 (source)
- Patch Tuesday: Microsoft Fixes 57 Security Flaws – Including Active Zero-Days (source)
- Hidden Threats: How Microsoft 365 Backups Store Risks for Future Attacks (source)
- EncryptHub linked to MMC zero-day attacks on Windows systems (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-11-09 | CVE-2022-41091 | Unspecified vulnerability in Microsoft products Windows Mark of the Web Security Feature Bypass Vulnerability | 5.4 |
2022-11-09 | CVE-2022-38023 | Netlogon RPC Elevation of Privilege Vulnerability | 0.0 |