
Microsoft releases 84 fixes as part of their October mass update cycle

Target Industry

Most industries will be affected by this patching cycle because of the breadth and diversity of the products covered.

Overview

Severity Levels:
– 13 Critical – These vulnerabilities include remote code execution and may lead to root-level compromise.
– 71 Important (High) – These vulnerabilities could result in adversary-elevated privileges and significant data loss.

As part of the Microsoft monthly patching cycle that occurs on the second Tuesday of each month, 84 vulnerabilities – including 13 that are critical – have received updates to protect against known flaws.

Flaws within the CVEs are as follows:

– 39 Elevation of Privilege
– 20 Remote Code Execution
– 11 Information Disclosure Vulnerability
– 8 Denial of Service
– 4 Spoofing
– 2 Security Feature Bypass

Impact

Both critical and high-severity vulnerabilities pose significant threats to business security, as they offer adversaries exploitable advantages against sensitive company systems and private data. The most concerning CVE addressed by this Microsoft update is CVE-2022-41033. This vulnerability has reportedly been actively exploited in the wild and therefore poses an additional, proven threat to businesses. The vulnerability affects Windows COM+ (Component Services) and, if successfully exploited, allows an attacker to gain system-level privileges.

All additional CVEs, including those at critical severity, are listed below.

Affected Products

Critical:

– Azure Arc – CVE-2022-37968
– Microsoft Office – CVE-2022-38048
– Microsoft Office SharePoint – CVE-2022-41038
– Role: Windows Hyper-V – CVE-2022-37979
– Windows Active Directory Certificate Services – CVE-2022-37979
– Windows CryptoAPI – CVE-2022-34689
– Windows Point-to-Point Tunneling Protocol – CVE-2022-33634, CVE-2022-22035, CVE-2022-24504, CVE-2022-38047, CVE-2022-41081, CVE-2022-30198, CVE-2022-38000

Important (High):

– Active Directory Domain Services –
– Azure – CVE-2022-38017
– Client Server Run-time Subsystem – CVE-2022-37987, CVE-2022-37989
– Microsoft Graphics Component – CVE-2022-37986, CVE-2022-38051, CVE-2022-37997, CVE-2022-37985, CVE-2022-33635
– Microsoft Office – CVE-2022-38001, CVE-2022-41043
– Microsoft Office SharePoint – CVE-2022-38053, CVE-2022-41036, CVE-2022-41037
– Microsoft Office Word – CVE-2022-41031, CVE-2022-38049
– Microsoft WDAC OLE DB provider for SQL – CVE-2022-37982, CVE-2022-38031
– NuGet Client – CVE-2022-41032
– Remote Access Service Point-to-Point Tunneling Protocol – CVE-2022-37965
– Service Fabric – CVE-2022-35829
– Visual Studio Code – CVE-2022-41042, CVE-2022-41034, CVE-2022-41083
– Windows Active Directory Certificate Services – CVE-2022-37978
– Windows ALPC – CVE-2022-38029
– Windows CD-ROM Driver – CVE-2022-38044
– Windows COM+ Event System Service – CVE-2022-41033
– Windows Connected User Experiences and Telemetry – CVE-2022-38021
– Windows Defender – CVE-2022-37971
– Windows DHCP Client – CVE-2022-38026, CVE-2022-37980
– Windows Distributed File System (DFS) – CVE-2022-38025
– Windows DWM Core Library – CVE-2022-37970, CVE-2022-37983
– Windows Event Logging Service – CVE-2022-37981
– Windows Group Policy – CVE-2022-37975
– Windows Group Policy Preference Client – CVE-2022-37994, CVE-2022-37993, CVE-2022-37999
– Windows Internet Key Exchange (IKE) Protocol – CVE-2022-38036
– Windows Kernel – CVE-2022-37988, CVE-2022-38037, CVE-2022-37990, CVE-2022-38038, CVE-2022-38039, CVE-2022-37995, CVE-2022-37991, CVE-2022-38022
– Windows Local Security Authority (LSA) – CVE-2022-38016
– Windows Local Security Authority Subsystem Service (LSASS) – CVE-2022-37977
– Windows Local Session Manager (LSM) – CVE-2022-37973, CVE-2022-37998
– Windows NTFS – CVE-2022-37996
– Windows NTLM – CVE-2022-35770
– Windows ODBC Driver – CVE-2022-38040
– Windows Perception Simulation Service – CVE-2022-37974
– Windows Portable Device Enumerator Service – CVE-2022-38032
– Windows Print Spooler Components – CVE-2022-38028
– Windows Resilient File System (ReFS) – CVE-2022-38003
– Windows Secure Channel – CVE-2022-38041
– Windows Security Support Provider Interface – CVE-2022-38043
– Windows Server Remotely Accessible Registry Keys – CVE-2022-38033
– Windows Server Service – CVE-2022-38045
– Windows Storage – CVE-2022-38027
– Windows TCP/IP – CVE-2022-33645
– Windows USB Serial Driver – CVE-2022-38030
– Windows Web Account Manager – CVE-2022-38046
– Windows Win32K – CVE-2022-38050
– Windows WLAN Service – CVE-2022-37984
– Windows Workstation Service – CVE-2022-38034

Containment, Mitigations & Remediations

Update installation: Microsoft has released security updates for the vulnerabilities listed above. Customers are strongly advised to install these updates promptly to protect their network and system environments.

Indicators of Compromise

None published at this time.

Threat Landscape

Vulnerabilities such as these continue to be exploited by threat actors of all sizes and capabilities. Malicious actors are highly likely to target businesses that are slow or inconsistent in implementing regular patching cycles, allowing the compromise of sensitive systems, networks and data with the ultimate goal of financial gain.

Threat Group

Attacks using the above CVEs will most likely be carried out by opportunistic threat actors.

Further Information

Microsoft Vulnerability Blog

Intelligence Terminology Yardstick