Hello everyone! This episode will be about Microsoft Patch Tuesday for November 2022, including vulnerabilities that were added between October and November Patch Tuesdays. As usual, I use my open source Vulristics project to create the report.
All vulnerabilities: 82
Urgent: 1
Critical: 6
High: 19
Medium: 56
Low: 0
00:15 Remote Code Execution – Microsoft Exchange (CVE-2022-41040, CVE-2022-41082) #ProxyNotShell patches
01:12 Remote Code Execution – Windows Scripting Languages (CVE-2022-41128)
02:13 Security Feature Bypass - Windows Mark of the Web (CVE-2022-41049, CVE-2022-41091)
03:33 Remote Code Execution - OpenSSL (CVE-2022-3602)
04:09 Memory Corruption - Microsoft Edge (CVE-2022-3723)
04:32 Elevation of Privilege - Windows CNG Key Isolation Service (CVE-2022-41125)
05:05 Elevation of Privilege - Windows Print Spooler (CVE-2022-41073)
05:39 Elevation of Privilege - Kerberos (CVE-2022-37966)
06:55 Elevation of Privilege - Microsoft Exchange (CVE-2022-41080)
07:12 Elevation of Privilege - Netlogon RPC (CVE-2022-38023)
Video: https://youtu.be/Xpgiw538Dgo
Video2 (for Russia): https://vk.com/video-149273431_456239107
Blogpost: https://avleonov.com/2022/11/25/microsoft-patch-tuesday-november-2022-exchange-proxynotshell-rce-jscript9-motw-openssl-edge-cng-print-spooler/
Full report: https://avleonov.com/vulristics_reports/ms_patch_tuesday_november2022_report_with_comments_ext_img.html
@avleonovcom #microsoft #patchtuesday
All vulnerabilities: 82
Urgent: 1
Critical: 6
High: 19
Medium: 56
Low: 0
00:15 Remote Code Execution – Microsoft Exchange (CVE-2022-41040, CVE-2022-41082) #ProxyNotShell patches
01:12 Remote Code Execution – Windows Scripting Languages (CVE-2022-41128)
02:13 Security Feature Bypass - Windows Mark of the Web (CVE-2022-41049, CVE-2022-41091)
03:33 Remote Code Execution - OpenSSL (CVE-2022-3602)
04:09 Memory Corruption - Microsoft Edge (CVE-2022-3723)
04:32 Elevation of Privilege - Windows CNG Key Isolation Service (CVE-2022-41125)
05:05 Elevation of Privilege - Windows Print Spooler (CVE-2022-41073)
05:39 Elevation of Privilege - Kerberos (CVE-2022-37966)
06:55 Elevation of Privilege - Microsoft Exchange (CVE-2022-41080)
07:12 Elevation of Privilege - Netlogon RPC (CVE-2022-38023)
Video: https://youtu.be/Xpgiw538Dgo
Video2 (for Russia): https://vk.com/video-149273431_456239107
Blogpost: https://avleonov.com/2022/11/25/microsoft-patch-tuesday-november-2022-exchange-proxynotshell-rce-jscript9-motw-openssl-edge-cng-print-spooler/
Full report: https://avleonov.com/vulristics_reports/ms_patch_tuesday_november2022_report_with_comments_ext_img.html
@avleonovcom #microsoft #patchtuesday