Threat Advisory

Microsoft Patches Zero Day issue in October Patch

October 13, 2022 | By Accorian

For the month of October, Microsoft fixed a total of 85 security flaws through its Patch Tuesday programme. Out of the 85 bugs, 15 are classified as Critical, 69 as Important, and one as Moderate.

The Windows COM+ Event System Service Elevation of Privilege Vulnerability, identified as CVE-2022-41033, is one of the vulnerabilities that was patched. This zero-day flaw is currently being actively exploited. By effectively utilising this vulnerability, an attacker could SYSTEM privileges. CVE-2022-37968, with a CVSS score of 10 was a significant problem that was also resolved. An unauthenticated user may be able to elevate their privileges to that of a cluster administrator and potentially take over the Kubernetes cluster.

Two actively exploited zero-day vulnerabilities identified as CVE-2022-41040 and CVE-2022-41082, commonly known as ProxyNotShell, have sadly not received security fixes from Microsoft. Microsoft claims that the fixes are not yet ready. 39 privilege elevation, 20 RCEs, 11 information disclosure, and 8 denial of service vulnerabilities are among the flaws that were patched. Accorian recommends applying all the patches immediately and considering backing up the system data before applying updates. Accorian assures to assist all its clients. Please feel free to reach out to us if you have any questions. To find the complete list of patched vulnerabilities, kindly check out this.

Accorian can help identify this vulnerability in your environment. 

Source: https://msrc.microsoft.com/update-guide/releaseNote/2022-Oct

Threat Advisory Team 

Accorian

Recent Post

    Ready to Start?



      Ready to Start?



        Download Case study




          Download Guide




          Human Resources Director

          Posted On: 09 May, 2022

          Drop your CVs to joinourteam@accorian.com

            Interested Position

            First Name

            Last Name

            Email

            Total Experience

            Mobile Number

            Upload Resume