It’s becoming the rule rather than the exception that Microsoft’s Patch Tuesday security update brings bad news for Windows users in the form of actively exploited zero-day vulnerabilities. And good news that patches are available, of course. The November update does not disappoint in either regard, with no less than four new Windows zero-day attacks and fixes confirmed.

ProxyNotShell Exchange Server vulnerabilities now patched

The latest Patch Tuesday security update provides security patches for no less than 68 vulnerabilities, of which 11 are rated as critical in nature. What’s more, six are actively exploited zero-days; the additional two covering the Exchange Server CVE-2022-41040 and CVE-2022-41082 state-sponsored ProxyNotShell attacks I reported on last month. “It took Microsoft more than two months to provide the patch, even though the company admitted that ProxyNotShell actively exploited the vulnerabilities in targeted attacks against at least 10 large organizations,” Mike Walters, vice president of vulnerability and threat research at Action1, says. “It is good news that an official patch is available now,” Walters concludes, “installing it promptly is highly advisable.”


What are the four new Windows zero-days?

  • CVE-2022-41073 is a Windows print spooler elevation of privilege vulnerability which could enable an attacker to gain system privileges. Most every version of Windows and Windows Server are impacted by this actively exploited issue.


  • CVE-2022-41125 is a Windows Cryptographic Next Generation (CNG) key isolation issue, again leading to privilege escalation that could enable system control. This doesn’t impact quite as many versions of Windows and Windows Server, but Windows 8.1, 10, and 11 users, as well as Server 2012, 2016, 2019, and 2022 users, should update as soon as possible.


  • CVE-2022-41128 is a Windows scripting language vulnerability that enables remote code execution. User interaction would be required by way of visiting a malicious server. Most every version of Windows and Windows Server is impacted.


  • CVE-2022-41091 is a ‘mark of the web security bypass’ Windows vulnerability. Microsoft warns that an attacker could host a malicious website, send a maliciously-crafted email or instant message, or add malicious content to a compromised user-provider content website. A malicious ZIP file has been shown to be able to execute this exploit. If successful, this could disable features such as Microsoft Office’s protected view, for example. Windows 10 and 11, along with Server 2019 and 2022 users are impacted. “Multiple outlets have reported that the vulnerability was discovered and reported in July 2022,” Peter Pflaster from Automox says, “but has remained unpatched until now. Since the vulnerability is being actively exploited, we recommend patching within 24 hours.”

Details of all the November Patch Tuesday vulnerabilities can be found in the Microsoft Security Update Guide.




About the author

Kwame Anane

Leave a Comment