Microsoft fixes many zero-days under attack

November 2022 Patch Tuesday is here, with fixes for many vulnerabilities actively exploited in the wild, including CVE-2022-41091, a Windows Mark of the Web bypass flaw, and the ProxyNotShell MS Exchange vulnerabilities.

Fixes to prioritize

CVE-2022-41091 is a Windows zero-day vulnerability that allows attackers to bypass the Mark of the Web (MOTW) security feature. They can craft a malicious file triggering the flaw and deliver it either via a malicious or compromised website or via email or instant message.

“In all cases an attacker would have no way to force a user to view attacker-controlled content. Instead, an attacker would have to convince a user to take action. For example, an attacker could entice a user to either click a link that directs the user to the attacker’s site or send a malicious attachment,” Microsoft says, but the flaw has nevertheless been successfully exploited by different attackers in the wild.

And, according to Beaumont, another MOTW bypass vulnerability (CVE-2022-41049) fixed this Patch Tuesday is being exploited in the wild – though Microsoft didn’t confirm it.

Then there’s CVE-2022-41128, a remote code execution flaw in Windows Scripting Languages.

“An attack would need to lure a user to either a specially crafted website or server share. In doing so, they would get their code to execute on an affected system at the level of the logged-on user,” commented Dustin Childs, with Trend Micro’s Zero Day Initiative.

“Microsoft provides no insight into how widespread this may be but considering it’s a browse-and-own type of scenario, I expect this will be a popular bug to include in exploit kits.”

Also under active exploitation: CVE-2022-41073, a Windows Print Spooler elevation of privilege (EoP) bug reported by Microsoft’s own threat intelligence analysts, and CVE-2022-41125, an EoP flaw in the Windows CNG Key Isolation Service.

What else?

Obviously, the “ProxyNotShell” Microsoft Exchange Server flaws need to be patched as soon as possible due to in-the-wild exploitation, and the fact that Microsoft has stumbled with the provided mitigations.

“It’s been over a month since these flaws were disclosed. While the impact of ProxyNotShell is limited due to the authentication requirement, the fact that it has been exploited in the wild and that attackers are capable of obtaining valid credentials still make these important flaws to patch,” commented Satnam Narang, senior staff research engineer at Tenable.

Childs also noted that Microsoft has fixed four additional bugs in Exchange Server this month. “I have a strong premonition many Exchange administrators have a long weekend in front of them,” he added.

Finally, CVE-2022-38023 (an EoP flaw in Netlogon RPC) is not being exploited, but a fix for it should be implemented before Microsoft enforces the necessary updates in July 2023.

UPDATE (November 8, 2022, 17:05 a.m. ET):

This article has been amended to clear up potential confusion between the two fixed MOTW bypass flaws.
