9 November 2022

Microsoft November 2022 Patch Tuesday fixes ProxyNotShell bugs, 4 other zero-days



Microsoft has rolled out its November 2022 Patch Tuesday security updates, which address multiple vulnerabilities in a wide range of its software products. Among them are two high-severity Microsoft Exchange zero-day vulnerabilities, collectively known as ProxyNotShell, which are said to have been exploited by hackers since at least September 2022.

One of the flaws (CVE-2022-41082) is a code injection issue that allows a remote user with access to PowerShell Remoting to execute arbitrary code on vulnerable Exchange systems, while the second bug (CVE-2022-41040) allows a remote attacker to perform SSRF attacks. A China-linked threat group has been observed exploiting the vulnerabilities to deploy Chinese Chopper web shells on compromised servers for persistence and data theft, as well as to move laterally to other systems on the victims' networks.

Besides ProxyNotShell, the vendor has fixed four new exploited zero-day vulnerabilities: CVE-2022-41125 (privilege escalation in Microsoft Windows CNG Key Isolation Service), CVE-2022-41073 (privilege escalation in Microsoft Windows Print Spooler service), CVE-2022-41091 (security feature bypass in Microsoft Windows Mark of the Web), and CVE-2022-41128 (remote code execution in Microsoft Windows Scripting Languages).

This month’s Patch Tuesday also includes fixes for a number of high-risk flaws affecting Microsoft Netlogon RPC, Microsoft Azure, Microsoft Excel and Office Graphics, as well as Microsoft Visual Studio.

