October 2022 Microsoft Patch Tuesday

Published: 2022-10-11
Last Updated: 2022-10-11 17:22:43 UTC
by Johannes Ullrich (Version: 1)
3 comment(s)

Microsoft today released patches for 96 vulnerabilities. 13 patches are rated as critical, 71 as important and 1 as moderate. The Chromium vulnerabilities affecting Microsoft Edge have no rating.

Most notable is the patch that is not included. We do not have a patch for the current Exchange vulnerability.

One vulnerability, CVE-2022-41003, a Windows COM+ Event System Service Elevation of Privilege Vulnerability, is already being exploited.

CVE-2022-41043, a Microsoft Office Information Disclosure Vulnerability, was made public before the patch was released.

Several vulnerabilities in Windows Point-to-Point Tunneling Protocol were rated critical and may lead to code execution. One vulnerability, an elevation of privilege vulnerability in Azure Arc-enabled Kubernetes cluster Connect was rated with a perfect 10.0 CVSS score.

 

Description
CVE Disclosed Exploited Exploitability (old versions) current version Severity CVSS Base (AVG) CVSS Temporal (AVG)
Active Directory Certificate Services Elevation of Privilege Vulnerability
CVE-2022-37976 No No Less Likely Less Likely Critical 8.8 7.7
Active Directory Domain Services Elevation of Privilege Vulnerability
CVE-2022-38042 No No Less Likely Less Likely Important 7.1 6.2
Azure Arc-enabled Kubernetes cluster Connect Elevation of Privilege Vulnerability
CVE-2022-37968 No No Less Likely Less Likely Critical 10.0 8.7
Chromium: CVE-2022-3304 Use after free in CSS
CVE-2022-3304 No No - - -    
Chromium: CVE-2022-3307 Use after free in Media
CVE-2022-3307 No No - - -    
Chromium: CVE-2022-3308 Insufficient policy enforcement in Developer Tools
CVE-2022-3308 No No - - -    
Chromium: CVE-2022-3310 Insufficient policy enforcement in Custom Tabs
CVE-2022-3310 No No - - -    
Chromium: CVE-2022-3311 Use after free in Import
CVE-2022-3311 No No - - -    
Chromium: CVE-2022-3313 Incorrect security UI in Full Screen
CVE-2022-3313 No No - - -    
Chromium: CVE-2022-3315 Type confusion in Blink
CVE-2022-3315 No No - - -    
Chromium: CVE-2022-3316 Insufficient validation of untrusted input in Safe Browsing
CVE-2022-3316 No No - - -    
Chromium: CVE-2022-3317 Insufficient validation of untrusted input in Intents
CVE-2022-3317 No No - - -    
Chromium: CVE-2022-3370 Use after free in Custom Elements
CVE-2022-3370 No No - - -    
Chromium: CVE-2022-3373 Out of bounds write in V8
CVE-2022-3373 No No - - -    
Connected User Experiences and Telemetry Elevation of Privilege Vulnerability
CVE-2022-38021 No No Less Likely Less Likely Important 7.0 6.1
Internet Key Exchange (IKE) Protocol Denial of Service Vulnerability
CVE-2022-38036 No No Unlikely Less Likely Important 7.5 6.5
Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability
CVE-2022-37977 No No Less Likely Less Likely Important 6.5 5.7
Microsoft DWM Core Library Elevation of Privilege Vulnerability
CVE-2022-37983 No No Less Likely Less Likely Important 7.8 6.8
Microsoft Edge (Chromium-based) Spoofing Vulnerability
CVE-2022-41035 No No Less Likely Less Likely Moderate 8.3 7.5
Microsoft ODBC Driver Remote Code Execution Vulnerability
CVE-2022-38040 No No Less Likely Less Likely Important 8.8 7.7
Microsoft Office Graphics Remote Code Execution Vulnerability
CVE-2022-38049 No No Less Likely Less Likely Important 7.8 6.8
Microsoft Office Information Disclosure Vulnerability
CVE-2022-41043 Yes No Less Likely Less Likely Important 3.3 2.9
Microsoft Office Remote Code Execution Vulnerability
CVE-2022-38048 No No Less Likely Less Likely Critical 7.8 6.8
Microsoft Office Spoofing Vulnerability
CVE-2022-38001 No No Less Likely Less Likely Important 6.5 5.7
Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2022-41036 No No More Likely More Likely Important 8.8 7.7
CVE-2022-41037 No No Less Likely Less Likely Important 8.8 7.7
CVE-2022-38053 No No More Likely More Likely Important 8.8 7.7
CVE-2022-41038 No No Less Likely More Likely Critical 8.8 7.7
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
CVE-2022-37982 No No Less Likely Less Likely Important 8.8 7.7
CVE-2022-38031 No No Unlikely Less Likely Important 8.8 7.7
Microsoft Windows Defender Elevation of Privilege Vulnerability
CVE-2022-37971 No No Less Likely Less Likely Important 7.1 6.2
Microsoft Word Remote Code Execution Vulnerability
CVE-2022-41031 No No Less Likely Less Likely Important 7.8 6.8
NuGet Client Elevation of Privilege Vulnerability
CVE-2022-41032 No No Less Likely Less Likely Important 7.8 6.8
Server Service Remote Protocol Elevation of Privilege Vulnerability
CVE-2022-38045 No No Less Likely Less Likely Important 8.8 7.7
Service Fabric Explorer Spoofing Vulnerability
CVE-2022-35829 No No Less Likely Less Likely Important 6.2 5.4
StorSimple 8000 Series Elevation of Privilege Vulnerability
CVE-2022-38017 No No Less Likely Less Likely Important 6.8 5.9
Visual Studio Code Elevation of Privilege Vulnerability
CVE-2022-41083 No No Less Likely Less Likely Important 7.8 6.8
Visual Studio Code Information Disclosure Vulnerability
CVE-2022-41042 No No Less Likely Less Likely Important 7.4 6.4
Visual Studio Code Remote Code Execution Vulnerability
CVE-2022-41034 No No - - Important 7.8 6.8
Web Account Manager Information Disclosure Vulnerability
CVE-2022-38046 No No Less Likely Less Likely Important 6.2 5.4
Win32k Elevation of Privilege Vulnerability
CVE-2022-38050 No No More Likely More Likely Important 7.8 6.8
Windows ALPC Elevation of Privilege Vulnerability
CVE-2022-38029 No No Less Likely Less Likely Important 7.0 6.1
Windows Active Directory Certificate Services Security Feature Bypass
CVE-2022-37978 No No Less Likely Less Likely Important 7.5 6.5
Windows CD-ROM File System Driver Remote Code Execution Vulnerability
CVE-2022-38044 No No Less Likely Less Likely Important 7.8 6.8
Windows COM+ Event System Service Elevation of Privilege Vulnerability
CVE-2022-41033 No Yes More Likely Detected Important 7.8 6.8
Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability
CVE-2022-37987 No No More Likely More Likely Important 7.8 6.8
CVE-2022-37989 No No More Likely More Likely Important 7.8 6.8
Windows CryptoAPI Spoofing Vulnerability
CVE-2022-34689 No No More Likely More Likely Critical 7.5 6.5
Windows DHCP Client Elevation of Privilege Vulnerability
CVE-2022-37980 No No Less Likely Less Likely Important 7.8 6.8
Windows DHCP Client Information Disclosure Vulnerability
CVE-2022-38026 No No Less Likely Less Likely Important 5.5 4.8
Windows DWM Core Library Elevation of Privilege Vulnerability
CVE-2022-37970 No No More Likely More Likely Important 7.8 6.8
Windows Distributed File System (DFS) Information Disclosure Vulnerability
CVE-2022-38025 No No Less Likely Less Likely Important 5.5 4.8
Windows Event Logging Service Denial of Service Vulnerability
CVE-2022-37981 No No Less Likely Less Likely Important 4.3 3.8
Windows GDI+ Remote Code Execution Vulnerability
CVE-2022-33635 No No Less Likely Less Likely Important 7.8 6.8
Windows Graphics Component Elevation of Privilege Vulnerability
CVE-2022-38051 No No More Likely More Likely Important 7.8 7.0
CVE-2022-37997 No No More Likely More Likely Important 7.8 6.8
Windows Graphics Component Information Disclosure Vulnerability
CVE-2022-37985 No No Less Likely Less Likely Important 5.5 4.8
Windows Group Policy Elevation of Privilege Vulnerability
CVE-2022-37975 No No More Likely Less Likely Important 7.8 6.8
Windows Group Policy Preference Client Elevation of Privilege Vulnerability
CVE-2022-37999 No No Less Likely Less Likely Important 7.8 6.8
CVE-2022-37993 No No Less Likely Less Likely Important 7.8 6.8
CVE-2022-37994 No No Less Likely Less Likely Important 7.8 6.8
Windows Hyper-V Elevation of Privilege Vulnerability
CVE-2022-37979 No No Less Likely Less Likely Critical 7.8 6.8
Windows Kernel Elevation of Privilege Vulnerability
CVE-2022-38022 No No Less Likely Less Likely Important 2.5 2.2
CVE-2022-37988 No No Less Likely Less Likely Important 7.8 6.8
CVE-2022-38037 No No Less Likely Less Likely Important 7.8 6.8
CVE-2022-38038 No No Less Likely Less Likely Important 7.8 6.8
CVE-2022-37990 No No Less Likely Less Likely Important 7.8 6.8
CVE-2022-38039 No No Less Likely Less Likely Important 7.8 6.8
CVE-2022-37991 No No Less Likely Less Likely Important 7.8 6.8
CVE-2022-37995 No No Less Likely Less Likely Important 7.8 6.8
Windows Kernel Memory Information Disclosure Vulnerability
CVE-2022-37996 No No Less Likely Less Likely Important 5.5 4.8
Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability
CVE-2022-38016 No No Less Likely Less Likely Important 8.8 7.7
Windows Local Session Manager (LSM) Denial of Service Vulnerability
CVE-2022-37998 No No Less Likely Less Likely Important 7.7 6.7
CVE-2022-37973 No No Less Likely Less Likely Important 7.7 6.7
Windows Mixed Reality Developer Tools Information Disclosure Vulnerability
CVE-2022-37974 No No More Likely More Likely Important 6.5 5.7
Windows NTLM Spoofing Vulnerability
CVE-2022-35770 No No Less Likely Less Likely Important 6.5 5.7
Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerability
CVE-2022-37965 No No Less Likely Less Likely Important 5.9 5.2
Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
CVE-2022-30198 No No Less Likely Less Likely Critical 8.1 7.1
CVE-2022-22035 No No Less Likely Less Likely Critical 8.1 7.1
CVE-2022-24504 No No Less Likely Less Likely Critical 8.1 7.1
CVE-2022-33634 No No Less Likely Less Likely Critical 8.1 7.1
CVE-2022-38047 No No Less Likely Less Likely Critical 8.1 7.1
CVE-2022-38000 No No Less Likely Less Likely Critical 8.1 7.3
CVE-2022-41081 No No Less Likely Less Likely Critical 8.1 7.1
Windows Portable Device Enumerator Service Security Feature Bypass Vulnerability
CVE-2022-38032 No No Unlikely Less Likely Important 5.9 5.2
Windows Print Spooler Elevation of Privilege Vulnerability
CVE-2022-38028 No No Less Likely More Likely Important 7.8 6.8
Windows Resilient File System Elevation of Privilege
CVE-2022-38003 No No Less Likely Less Likely Important 7.8 6.8
Windows Secure Channel Denial of Service Vulnerability
CVE-2022-38041 No No Less Likely Less Likely Important 7.5 6.5
Windows Security Support Provider Interface Information Disclosure Vulnerability
CVE-2022-38043 No No More Likely Less Likely Important 5.5 4.8
Windows Server Remotely Accessible Registry Keys Information Disclosure Vulnerability
CVE-2022-38033 No No Less Likely Less Likely Important 6.5 5.9
Windows Storage Elevation of Privilege Vulnerability
CVE-2022-38027 No No More Likely Less Likely Important 7.0 6.1
Windows TCP/IP Driver Denial of Service Vulnerability
CVE-2022-33645 No No Less Likely Less Likely Important 7.5 6.5
Windows USB Serial Driver Information Disclosure Vulnerability
CVE-2022-38030 No No Less Likely Less Likely Important 4.3 3.8
Windows WLAN Service Elevation of Privilege Vulnerability
CVE-2022-37984 No No Less Likely Less Likely Important 7.8 6.8
Windows Win32k Elevation of Privilege Vulnerability
CVE-2022-37986 No No Less Likely Less Likely Important 7.8 6.8
Windows Workstation Service Elevation of Privilege Vulnerability
CVE-2022-38034 No No Less Likely Less Likely Important 4.3 3.8

---
Johannes B. Ullrich, Ph.D. , Dean of Research, SANS.edu
Twitter|

3 comment(s)
ISC Stormcast For Tuesday, October 11th, 2022 https://isc.sans.edu/podcastdetail.html?id=8208

Comments

cwqwqwq
eweew<a href="https://www.seocheckin.com/edu-sites-list/">mashood</a>
WQwqwqwq[url=https://www.seocheckin.com/edu-sites-list/]mashood[/url]
dwqqqwqwq mashood
[https://isc.sans.edu/diary.html](https://isc.sans.edu/diary.html)
[https://isc.sans.edu/diary.html | https://isc.sans.edu/diary.html]
What's this all about ..?
password reveal .
<a hreaf="https://technolytical.com/">the social network</a> is described as follows because they respect your privacy and keep your data secure:

<a hreaf="https://technolytical.com/">the social network</a> is described as follows because they respect your privacy and keep your data secure. The social networks are not interested in collecting data about you. They don't care about what you're doing, or what you like. They don't want to know who you talk to, or where you go.

<a hreaf="https://technolytical.com/">the social network</a> is not interested in collecting data about you. They don't care about what you're doing, or what you like. They don't want to know who you talk to, or where you go. The social networks only collect the minimum amount of information required for the service that they provide. Your personal information is kept private, and is never shared with other companies without your permission
https://thehomestore.com.pk/

Diary Archives