Today’s VERT Alert addresses Microsoft’s November 2022 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1029 on Wednesday, November 9th.
In-The-Wild & Disclosed CVEs
This vulnerability allows a malicious individual to bypass Mark of the Web. Mark of the Web is the mechanism used to present security warnings when opening files, and it is the reason why some files show the ‘Enable Content’ button. This vulnerability was summed up by researcher Will Dormann in three words: ‘read-only files.’ For example, Windows Explorer, when extracting a zip file, will write the file, set it read-only, and then attempt to set Mark of the Web and fail. By contrast, 7-Zip, as Will pointed out, will write the file, set Mark of the Web, and then set it to read-only. Ultimately, this all came down to order of operations. This should be a priority when patching this month, as Microsoft has noted that it has been both publicly disclosed and exploited in the wild.
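A defender-side check for the read-only gap described above, as an added example that is not part of the original alert: it lists read-only files under a folder that carry no Mark of the Web, which Windows stores in the NTFS `Zone.Identifier` alternate data stream. The default folder and the `Get-MotwStatus` function name are assumptions; locally created files also lack the mark, so the output is a triage list rather than a verdict.

```powershell
# Added example: audit a folder of extracted files for Mark of the Web gaps.
param(
    # Assumption: the folder where downloaded archives are usually extracted.
    [string]$Path = "$env:USERPROFILE\Downloads"
)

# Hypothetical helper: reports the read-only flag and MOTW state of one file.
function Get-MotwStatus {
    param([Parameter(Mandatory)][System.IO.FileInfo]$File)

    # MOTW lives in the alternate data stream named Zone.Identifier.
    $stream = Get-Item -LiteralPath $File.FullName -Stream 'Zone.Identifier' `
                       -ErrorAction SilentlyContinue
    $zoneId = $null
    if ($stream) {
        # The stream is INI-style text; ZoneId=3 means the Internet zone.
        $line = Get-Content -LiteralPath $File.FullName -Stream 'Zone.Identifier' |
                Where-Object { $_ -match '^ZoneId=\d+' } |
                Select-Object -First 1
        if ($line -match '^ZoneId=(\d+)') { $zoneId = [int]$Matches[1] }
    }

    [pscustomobject]@{
        Path     = $File.FullName
        ReadOnly = $File.IsReadOnly
        HasMotw  = [bool]$stream
        ZoneId   = $zoneId
    }
}

# Read-only files with no Zone.Identifier stream match the pattern the alert
# describes: the read-only attribute was applied before the mark could be written.
Get-ChildItem -LiteralPath $Path -File -Recurse -Force -ErrorAction SilentlyContinue |
    ForEach-Object { Get-MotwStatus -File $_ } |
    Where-Object { $_.ReadOnly -and -not $_.HasMotw } |
    Sort-Object Path |
    Format-Table -AutoSize
```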
A vulnerability in JScript9 is currently seeing active exploitation according to Microsoft. JScript is Microsoft’s implementation of ECMAScript and JScript9 is the version used in Internet Explorer 9 and newer. All versions of Windows from Windows 7 to Windows 11 (and server variants) are impacted by this vulnerability.
Up next, we have a Print Spooler vulnerability that could allow a malicious individual to gain SYSTEM level access. All versions of Windows from Windows 7 to Windows 11 (and server variants) are impacted by this vulnerability.
The Windows CNG Key Isolation Service contains a vulnerability that, when successfully exploited, could allow a malicious individual to gain SYSTEM level access. The CNG (Cryptography API Next Generation) Key Isolation service isolates private keys in order to meet Common Criteria compliance.
CVE Breakdown by Tag
While historical Microsoft Security Bulletin groupings are gone, Microsoft vulnerabilities are tagged with an identifier. This list provides a breakdown of the CVEs on a per tag basis. Vulnerabilities are also colour coded to aid with identifying key issues.
- Traditional Software
- Mobile Software
- Cloud or Cloud Adjacent
- Vulnerabilities that are being exploited or that have been disclosed will be highlighted.
| Tag | CVE Count | CVEs |
| --- | --- | --- |
| Windows Netlogon | 1 | CVE-2022-38023 |
| Open Source Software | 2 | CVE-2022-3602, CVE-2022-3786 |
| Microsoft Office Word | 3 | CVE-2022-41060, CVE-2022-41103, CVE-2022-41061 |
| Windows Resilient File System (ReFS) | 1 | CVE-2022-41054 |
| Visual Studio | 2 | CVE-2022-39253, CVE-2022-41119 |
| Microsoft Dynamics | 1 | CVE-2022-41066 |
| Linux Kernel | 1 | CVE-2022-38014 |
| Windows Mark of the Web (MOTW) | 2 | CVE-2022-41091, CVE-2022-41049 |
| Microsoft Office SharePoint | 2 | CVE-2022-41122, CVE-2022-41062 |
| Windows Devices Human Interface | 1 | CVE-2022-41055 |
| Microsoft Office Excel | 3 | CVE-2022-41104, CVE-2022-41106, CVE-2022-41063 |
| Microsoft Graphics Component | 2 | CVE-2022-41052, CVE-2022-41113 |
| AMD CPU Branch | 1 | CVE-2022-23824 |
| Microsoft Exchange Server | 4 | CVE-2022-41078, CVE-2022-41123, CVE-2022-41079, CVE-2022-41080 |
| Windows Point-to-Point Tunneling Protocol | 5 | CVE-2022-41039, CVE-2022-41044, CVE-2022-41088, CVE-2022-41090, CVE-2022-41116 |
| Microsoft Office | 2 | CVE-2022-41105, CVE-2022-41107 |
| Windows ODBC Driver | 2 | CVE-2022-41047, CVE-2022-41048 |
| Windows DWM Core Library | 1 | CVE-2022-41096 |
| Windows HTTP.sys | 1 | CVE-2022-41057 |
| Windows Bind Filter Driver | 1 | CVE-2022-41114 |
| Windows Network Address Translation (NAT) | 1 | CVE-2022-41058 |
| Windows Scripting | 2 | CVE-2022-41128, CVE-2022-41118 |
| Windows Group Policy Preference Client | 2 | CVE-2022-37992, CVE-2022-41086 |
| .NET Framework | 1 | CVE-2022-41064 |
| Windows Overlay Filter | 2 | CVE-2022-41101, CVE-2022-41102 |
| Windows CNG Key Isolation Service | 1 | CVE-2022-41125 |
| Windows Win32K | 3 | CVE-2022-41092, CVE-2022-41098, CVE-2022-41109 |
| Azure | 2 | CVE-2022-41085, CVE-2022-39327 |
| Windows Kerberos | 3 | CVE-2022-37966, CVE-2022-37967, CVE-2022-41053 |
| Windows Extensible File Allocation | 1 | CVE-2022-41050 |
| Windows Print Spooler Components | 1 | CVE-2022-41073 |
| Role: Windows Hyper-V | 1 | CVE-2022-38015 |
| Windows Advanced Local Procedure Call | 1 | CVE-2022-41093 |
| Azure Real Time Operating System | 1 | CVE-2022-41051 |
| Windows BitLocker | 1 | CVE-2022-41099 |
| Windows ALPC | 2 | CVE-2022-41100, CVE-2022-41045 |
| SysInternals | 1 | CVE-2022-41120 |
| Windows Digital Media | 1 | CVE-2022-41095 |
| Network Policy Server (NPS) | 2 | CVE-2022-41097, CVE-2022-41056 |
Other Information
At the time of publication, there were no new advisories included with the November Security Guidance.