Patch Tuesday - October 2022

Last updated on Oct 11, 2022

The October batch of CVEs published by Microsoft covers 96 vulnerabilities, 12 of which were fixed earlier this month and affect the Chromium project used by their Edge browser.

Top of mind for many this month is whether Microsoft would patch the two Exchange Server zero-day vulnerabilities (CVE-2022-41040 and CVE-2022-41082) disclosed at the end of September. While Microsoft was relatively quick to acknowledge the vulnerabilities and provide mitigation steps, their guidance has continually changed as the recommended rules to block attack traffic get bypassed. This whack-a-mole approach seems likely to continue until a proper patch addressing the root causes is available; unfortunately, it doesn’t look like that will be happening today. Thankfully, the impact should be more limited than 2021’s ProxyShell and ProxyLogon vulnerabilities due to attackers needing to be authenticated to the server for successful exploitation. Reports are also surfacing about an additional zero-day distinct from these being used in ransomware attacks; however, these have not yet been substantiated.

Microsoft did address two other zero-day vulnerabilities with today’s patches. CVE-2022-41033, an Elevation of Privilege vulnerability affecting the COM+ Event System Service in all supported versions of Windows, has been seen exploited in the wild. CVE-2022-41043 is an Information Disclosure vulnerability affecting Office for Mac that was publicly disclosed but not (yet) seen exploited in the wild.

Nine CVEs categorized as Remote Code Execution (RCE) with Critical severity were also patched today – seven of them affect the Point-to-Point Tunneling Protocol, and like those fixed last month, require an attacker to win a race condition to exploit them. CVE-2022-38048 affects all supported versions of Office, and CVE-2022-41038 could allow an attacker authenticated to SharePoint to execute arbitrary code on the server, provided the account has “Manage List” permissions.

Maxing out the CVSS base score with a 10.0 this month is CVE-2022-37968, an Elevation of Privilege vulnerability in the Azure Arc-enabled Kubernetes cluster Connect component. It’s unclear why Microsoft has assigned such a high score, given that an attacker would need to know the randomly generated external DNS endpoint for an Azure Arc-enabled Kubernetes cluster (arguably making the Attack Complexity “High”). That said, if this condition is met then an unauthenticated user could become a cluster admin and potentially gain control over the Kubernetes cluster. Users of Azure Arc and Azure Stack Edge should check whether auto-updates are turned on, and if not, upgrade manually as soon as possible.

Summary charts

[Charts: vulnerability count by severity; vulnerability count by impact; CVSSv3 base score histogram; vulnerability count by component]

Summary tables

Azure vulnerabilities

| CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score | Has FAQ? |
|---|---|---|---|---|---|
| CVE-2022-37968 | Azure Arc-enabled Kubernetes cluster Connect Elevation of Privilege Vulnerability | No | No | 10 | Yes |
| CVE-2022-38017 | StorSimple 8000 Series Elevation of Privilege Vulnerability | No | No | 6.8 | Yes |
| CVE-2022-35829 | Service Fabric Explorer Spoofing Vulnerability | No | No | 6.2 | Yes |

Browser vulnerabilities

| CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score | Has FAQ? |
|---|---|---|---|---|---|
| CVE-2022-41035 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | No | No | 8.3 | Yes |
| CVE-2022-3373 | Chromium: CVE-2022-3373 Out of bounds write in V8 | No | No | N/A | Yes |
| CVE-2022-3370 | Chromium: CVE-2022-3370 Use after free in Custom Elements | No | No | N/A | Yes |
| CVE-2022-3317 | Chromium: CVE-2022-3317 Insufficient validation of untrusted input in Intents | No | No | N/A | Yes |
| CVE-2022-3316 | Chromium: CVE-2022-3316 Insufficient validation of untrusted input in Safe Browsing | No | No | N/A | Yes |
| CVE-2022-3315 | Chromium: CVE-2022-3315 Type confusion in Blink | No | No | N/A | Yes |
| CVE-2022-3313 | Chromium: CVE-2022-3313 Incorrect security UI in Full Screen | No | No | N/A | Yes |
| CVE-2022-3311 | Chromium: CVE-2022-3311 Use after free in Import | No | No | N/A | Yes |
| CVE-2022-3310 | Chromium: CVE-2022-3310 Insufficient policy enforcement in Custom Tabs | No | No | N/A | Yes |
| CVE-2022-3308 | Chromium: CVE-2022-3308 Insufficient policy enforcement in Developer Tools | No | No | N/A | Yes |
| CVE-2022-3307 | Chromium: CVE-2022-3307 Use after free in Media | No | No | N/A | Yes |
| CVE-2022-3304 | Chromium: CVE-2022-3304 Use after free in CSS | No | No | N/A | Yes |

Developer Tools vulnerabilities

| CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score | Has FAQ? |
|---|---|---|---|---|---|
| CVE-2022-41034 | Visual Studio Code Remote Code Execution Vulnerability | No | No | 7.8 | Yes |
| CVE-2022-41083 | Visual Studio Code Elevation of Privilege Vulnerability | No | No | 7.8 | Yes |
| CVE-2022-41032 | NuGet Client Elevation of Privilege Vulnerability | No | No | 7.8 | Yes |
| CVE-2022-41042 | Visual Studio Code Information Disclosure Vulnerability | No | No | 7.4 | Yes |

Microsoft Office vulnerabilities

| CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score | Has FAQ? |
|---|---|---|---|---|---|
| CVE-2022-41038 | Microsoft SharePoint Server Remote Code Execution Vulnerability | No | No | 8.8 | Yes |
| CVE-2022-41036 | Microsoft SharePoint Server Remote Code Execution Vulnerability | No | No | 8.8 | Yes |
| CVE-2022-41037 | Microsoft SharePoint Server Remote Code Execution Vulnerability | No | No | 8.8 | Yes |
| CVE-2022-38053 | Microsoft SharePoint Server Remote Code Execution Vulnerability | No | No | 8.8 | Yes |
| CVE-2022-41031 | Microsoft Word Remote Code Execution Vulnerability | No | No | 7.8 | Yes |
| CVE-2022-38048 | Microsoft Office Remote Code Execution Vulnerability | No | No | 7.8 | Yes |
| CVE-2022-38049 | Microsoft Office Graphics Remote Code Execution Vulnerability | No | No | 7.8 | Yes |
| CVE-2022-38001 | Microsoft Office Spoofing Vulnerability | No | No | 6.5 | Yes |
| CVE-2022-41043 | Microsoft Office Information Disclosure Vulnerability | No | Yes | 3.3 | Yes |

System Center vulnerabilities

| CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score | Has FAQ? |
|---|---|---|---|---|---|
| CVE-2022-37971 | Microsoft Windows Defender Elevation of Privilege Vulnerability | No | No | 7.1 | Yes |

Windows vulnerabilities

| CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score | Has FAQ? |
|---|---|---|---|---|---|
| CVE-2022-38016 | Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability | No | No | 8.8 | Yes |
| CVE-2022-38045 | Server Service Remote Protocol Elevation of Privilege Vulnerability | No | No | 8.8 | Yes |
| CVE-2022-37984 | Windows WLAN Service Elevation of Privilege Vulnerability | No | No | 7.8 | Yes |
| CVE-2022-38003 | Windows Resilient File System Elevation of Privilege | No | No | 7.8 | Yes |
| CVE-2022-38028 | Windows Print Spooler Elevation of Privilege Vulnerability | No | No | 7.8 | Yes |
| CVE-2022-38039 | Windows Kernel Elevation of Privilege Vulnerability | No | No | 7.8 | Yes |
| CVE-2022-37995 | Windows Kernel Elevation of Privilege Vulnerability | No | No | 7.8 | Yes |
| CVE-2022-37979 | Windows Hyper-V Elevation of Privilege Vulnerability | No | No | 7.8 | Yes |
| CVE-2022-37970 | Windows DWM Core Library Elevation of Privilege Vulnerability | No | No | 7.8 | Yes |
| CVE-2022-37980 | Windows DHCP Client Elevation of Privilege Vulnerability | No | No | 7.8 | Yes |
| CVE-2022-38050 | Win32k Elevation of Privilege Vulnerability | No | No | 7.8 | Yes |
| CVE-2022-37983 | Microsoft DWM Core Library Elevation of Privilege Vulnerability | No | No | 7.8 | Yes |
| CVE-2022-37998 | Windows Local Session Manager (LSM) Denial of Service Vulnerability | No | No | 7.7 | Yes |
| CVE-2022-37973 | Windows Local Session Manager (LSM) Denial of Service Vulnerability | No | No | 7.7 | Yes |
| CVE-2022-38036 | Internet Key Exchange (IKE) Protocol Denial of Service Vulnerability | No | No | 7.5 | No |
| CVE-2022-38027 | Windows Storage Elevation of Privilege Vulnerability | No | No | 7 | Yes |
| CVE-2022-38021 | Connected User Experiences and Telemetry Elevation of Privilege Vulnerability | No | No | 7 | Yes |
| CVE-2022-37974 | Windows Mixed Reality Developer Tools Information Disclosure Vulnerability | No | No | 6.5 | Yes |
| CVE-2022-38046 | Web Account Manager Information Disclosure Vulnerability | No | No | 6.2 | Yes |
| CVE-2022-37965 | Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerability | No | No | 5.9 | Yes |
| CVE-2022-37996 | Windows Kernel Memory Information Disclosure Vulnerability | No | No | 5.5 | Yes |
| CVE-2022-38025 | Windows Distributed File System (DFS) Information Disclosure Vulnerability | No | No | 5.5 | Yes |
| CVE-2022-38030 | Windows USB Serial Driver Information Disclosure Vulnerability | No | No | 4.3 | Yes |

Windows ESU vulnerabilities

| CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score | Has FAQ? |
|---|---|---|---|---|---|
| CVE-2022-37982 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | No | No | 8.8 | Yes |
| CVE-2022-38031 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | No | No | 8.8 | Yes |
| CVE-2022-38040 | Microsoft ODBC Driver Remote Code Execution Vulnerability | No | No | 8.8 | Yes |
| CVE-2022-37976 | Active Directory Certificate Services Elevation of Privilege Vulnerability | No | No | 8.8 | Yes |
| CVE-2022-30198 | Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | No | No | 8.1 | Yes |
| CVE-2022-22035 | Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | No | No | 8.1 | Yes |
| CVE-2022-24504 | Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | No | No | 8.1 | Yes |
| CVE-2022-33634 | Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | No | No | 8.1 | Yes |
| CVE-2022-38047 | Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | No | No | 8.1 | Yes |
| CVE-2022-38000 | Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | No | No | 8.1 | Yes |
| CVE-2022-41081 | Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | No | No | 8.1 | Yes |
| CVE-2022-37986 | Windows Win32k Elevation of Privilege Vulnerability | No | No | 7.8 | Yes |
| CVE-2022-37988 | Windows Kernel Elevation of Privilege Vulnerability | No | No | 7.8 | Yes |
| CVE-2022-38037 | Windows Kernel Elevation of Privilege Vulnerability | No | No | 7.8 | Yes |
| CVE-2022-38038 | Windows Kernel Elevation of Privilege Vulnerability | No | No | 7.8 | Yes |
| CVE-2022-37990 | Windows Kernel Elevation of Privilege Vulnerability | No | No | 7.8 | Yes |
| CVE-2022-37991 | Windows Kernel Elevation of Privilege Vulnerability | No | No | 7.8 | Yes |
| CVE-2022-37999 | Windows Group Policy Preference Client Elevation of Privilege Vulnerability | No | No | 7.8 | Yes |
| CVE-2022-37993 | Windows Group Policy Preference Client Elevation of Privilege Vulnerability | No | No | 7.8 | Yes |
| CVE-2022-37994 | Windows Group Policy Preference Client Elevation of Privilege Vulnerability | No | No | 7.8 | Yes |
| CVE-2022-37975 | Windows Group Policy Elevation of Privilege Vulnerability | No | No | 7.8 | Yes |
| CVE-2022-38051 | Windows Graphics Component Elevation of Privilege Vulnerability | No | No | 7.8 | Yes |
| CVE-2022-37997 | Windows Graphics Component Elevation of Privilege Vulnerability | No | No | 7.8 | Yes |
| CVE-2022-33635 | Windows GDI+ Remote Code Execution Vulnerability | No | No | 7.8 | Yes |
| CVE-2022-37987 | Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability | No | No | 7.8 | Yes |
| CVE-2022-37989 | Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability | No | No | 7.8 | Yes |
| CVE-2022-41033 | Windows COM+ Event System Service Elevation of Privilege Vulnerability | Yes | No | 7.8 | Yes |
| CVE-2022-38044 | Windows CD-ROM File System Driver Remote Code Execution Vulnerability | No | No | 7.8 | Yes |
| CVE-2022-33645 | Windows TCP/IP Driver Denial of Service Vulnerability | No | No | 7.5 | No |
| CVE-2022-38041 | Windows Secure Channel Denial of Service Vulnerability | No | No | 7.5 | No |
| CVE-2022-34689 | Windows CryptoAPI Spoofing Vulnerability | No | No | 7.5 | Yes |
| CVE-2022-37978 | Windows Active Directory Certificate Services Security Feature Bypass | No | No | 7.5 | Yes |
| CVE-2022-38042 | Active Directory Domain Services Elevation of Privilege Vulnerability | No | No | 7.1 | Yes |
| CVE-2022-38029 | Windows ALPC Elevation of Privilege Vulnerability | No | No | 7 | Yes |
| CVE-2022-38033 | Windows Server Remotely Accessible Registry Keys Information Disclosure Vulnerability | No | No | 6.5 | Yes |
| CVE-2022-35770 | Windows NTLM Spoofing Vulnerability | No | No | 6.5 | Yes |
| CVE-2022-37977 | Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability | No | No | 6.5 | No |
| CVE-2022-38032 | Windows Portable Device Enumerator Service Security Feature Bypass Vulnerability | No | No | 5.9 | Yes |
| CVE-2022-38043 | Windows Security Support Provider Interface Information Disclosure Vulnerability | No | No | 5.5 | Yes |
| CVE-2022-37985 | Windows Graphics Component Information Disclosure Vulnerability | No | No | 5.5 | Yes |
| CVE-2022-38026 | Windows DHCP Client Information Disclosure Vulnerability | No | No | 5.5 | Yes |
| CVE-2022-38034 | Windows Workstation Service Elevation of Privilege Vulnerability | No | No | 4.3 | Yes |
| CVE-2022-37981 | Windows Event Logging Service Denial of Service Vulnerability | No | No | 4.3 | Yes |
| CVE-2022-38022 | Windows Kernel Elevation of Privilege Vulnerability | No | No | 2.5 | Yes |
CVE-2022-38022Windows Kernel Elevation of Privilege VulnerabilityNoNo2.5Yes
