Threat Advisory

Microsoft Patches Zero Day issue in October Patch

October 13, 2022 | By Accorian

For the month of October, Microsoft fixed a total of 85 security flaws through its Patch Tuesday programme. Out of the 85 bugs, 15 are classified as Critical, 69 as Important, and one as Moderate.

The Windows COM+ Event System Service Elevation of Privilege Vulnerability, identified as CVE-2022-41033, is one of the vulnerabilities that was patched. This zero-day flaw is currently being actively exploited. By effectively utilising this vulnerability, an attacker could SYSTEM privileges. CVE-2022-37968, with a CVSS score of 10 was a significant problem that was also resolved. An unauthenticated user may be able to elevate their privileges to that of a cluster administrator and potentially take over the Kubernetes cluster.

Two actively exploited zero-day vulnerabilities identified as CVE-2022-41040 and CVE-2022-41082, commonly known as ProxyNotShell, have sadly not received security fixes from Microsoft. Microsoft claims that the fixes are not yet ready. 39 privilege elevation, 20 RCEs, 11 information disclosure, and 8 denial of service vulnerabilities are among the flaws that were patched. Accorian recommends applying all the patches immediately and considering backing up the system data before applying updates. Accorian assures to assist all its clients. Please feel free to reach out to us if you have any questions. To find the complete list of patched vulnerabilities, kindly check out this.

Accorian can help identify this vulnerability in your environment. 


Threat Advisory Team 


Recent Post

Ready to Start?

Ready to Start?​

Drop your CVs to

Interested Position

Download Case study

Download SOC2 Guide