Microsoft fixes many zero-days under attack

November 2022 Patch Tuesday is here, with fixes for many vulnerabilities actively exploited in the wild, including CVE-2022-41091, a Windows Mark of the Web bypass flaw, and the ProxyNotShell MS Exchange vulnerabilities.

Fixes to prioritize

CVE-2022-41091 is a Windows zero-day vulnerability that allows attackers to bypass the Mark of the Web (MOTW) security feature. They can craft a malicious file triggering the flaw and deliver it either via a malicious or compromised website or via email or instant message.

“In all cases an attacker would have no way to force a user to view attacker-controlled content. Instead, an attacker would have to convince a user to take action. For example, an attacker could entice a user to either click a link that directs the user to the attacker’s site or send a malicious attachment,” Microsoft says, but the flaw has nevertheless been successfully exploited by different attackers in the wild.

And, according to Beaumont, another MOTW bypass vulnerability (CVE-2022-41049) fixed this Patch Tuesday is being exploited in the wild – though Microsoft didn’t confirm it.

Then there’s CVE-2022-41128, a remote code execution flaw in Windows Scripting Languages.

“An attack would need to lure a user to either a specially crafted website or server share. In doing so, they would get their code to execute on an affected system at the level of the logged-on user,” commented Dustin Childs, with Trend Micro’s Zero Day Initiative.

“Microsoft provides no insight into how widespread this may be but considering it’s a browse-and-own type of scenario, I expect this will be a popular bug to include in exploit kits.”

Also under active exploitation: CVE-2022-41073, a Windows Print Spooler elevation of privilege (EoP) bug reported by Microsoft’s own threat intelligence analysts, and CVE-2022-41125, an EoP in the Windows CNG Key Isolation Service.

What else?

Obviously, the “ProxyNotShell” Microsoft Exchange Server flaws need to be patched as soon as possible due to in-the-wild exploitation, and the fact that Microsoft has stumbled with the provided mitigations.

“It’s been over a month since these flaws were disclosed. While the impact of ProxyNotShell is limited due to the authentication requirement, the fact that it has been exploited in the wild and that attackers are capable of obtaining valid credentials still make these important flaws to patch,” commented Satnam Narang, senior staff research engineer at Tenable.

Childs also noted that Microsoft has fixed four additional bugs in Exchange Server this month. “I have a strong premonition many Exchange administrators have a long weekend in front of them,” he added.

Finally, CVE-2022-38023 (an EoP flaw in Netlogon RPC) is not being exploited, but a fix for it should be implemented before Microsoft enforces the necessary updates in July 2023.

UPDATE (November 8, 2022, 17:05 a.m. ET):

This article has been amended to clear up potential confusion between the two fixed MOTW bypass flaws.
