Security News > 2022 > November > Microsoft squashes six security bugs already exploited in the wild
Another now-patched bug listed under active exploit, CVE-2022-41091, is a Windows Mark of the Web bypass vulnerability.
Exploiting CVE-2022-41091 involves tricking a victim into opening "a malicious file that would evade Mark of the Web defenses, resulting in a limited loss of integrity and availability of security features such as Protected View in Microsoft Office, which rely on MotW tagging," Redmond explained.
Red teamer Kuba Gretzky also published an in-depth analysis of the bug; it's a good idea to patch ASAP.
Finally, CVE-2022-41073, a Windows print spooler elevation of privilege bug, and CVE-2022-41125, a Windows CNG key isolation service elevation of privilege vulnerability, round out the last of the Microsoft flaws being exploited in the wild.
Successful exploitation of CVE-2022-41125 could give an attacker SYSTEM privileges.
"The only reason why this vulnerability is not tagged with the maximum CVSS score of 10 is because it requires the attacker to have a minimum set of privileges in order to exploit it," Onapsis' security researcher Thomas Fritsch wrote.
"Depending on the privileges associated with the exploited component, an attacker could then install programs; view, change, or delete data; or create new accounts with full rights," according to a Center for Internet Security advisory.
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-11-09 | CVE-2022-41125 | Out-of-bounds Write vulnerability in Microsoft products Windows CNG Key Isolation Service Elevation of Privilege Vulnerability | 0.0 |
2022-11-09 | CVE-2022-41091 | Unspecified vulnerability in Microsoft products Windows Mark of the Web Security Feature Bypass Vulnerability | 0.0 |
2022-11-09 | CVE-2022-41073 | Out-of-bounds Write vulnerability in Microsoft products Windows Print Spooler Elevation of Privilege Vulnerability | 0.0 |