Here’s what you need to know of the 4 zero-days in Microsoft’s Nov. update

Microsoft issued patches for 62 vulnerabilities, nine of which are rated “Critical” severity and 53 “Important”. Four of the vulnerabilities in Microsoft’s November 2022 security update are zero-day flaws that are being actively exploited.


Here’s what you need to know about them:


Windows MoTW Bypass Vulnerability (CVE-2022-41091)

• Impacts multiple Windows versions including Windows 10, Windows 11, Windows Server 2022, 2016 and 2019
• Vulnerability allows attackers to sneak malicious files past Microsoft’s Mark of the Web (MoTW) security feature.
• Will Dormann, the security researcher who reported the bug to Microsoft, says that when a read-only file is zipped, Windows upon extraction will 1) write the file, 2) mark it as read-only, and 3) attempt to set the MoTW on the read-only file and fail.
• An attacker would need to host a malicious website or send a targeted user a maliciously crafted .url file.
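The extraction sequence described above leaves a recognisable trace: a read-only file with no Zone.Identifier stream. The following PowerShell is an added example (not from the article or from Microsoft) that finds such files in a directory and can re-apply the mark; it assumes Windows PowerShell 5.1 or later on an NTFS volume, and the directory path is a placeholder.

```powershell
# Added example, not part of the original article.
# Lists files that match the CVE-2022-41091 failure mode: the ReadOnly
# attribute is set but the Zone.Identifier alternate data stream (the
# Mark of the Web) is missing. With -Repair, the mark is re-applied.
function Get-MotwGap {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [switch] $Repair
    )

    Get-ChildItem -LiteralPath $Path -Recurse -File | ForEach-Object {
        $file = $_

        # Zone.Identifier is the NTFS stream that carries the Mark of the Web;
        # Get-Item returns nothing (no error) when the stream is absent.
        $zone = Get-Item -LiteralPath $file.FullName -Stream Zone.Identifier `
                         -ErrorAction SilentlyContinue
        $hasMotw = $null -ne $zone

        if ($file.IsReadOnly -and -not $hasMotw) {
            if ($Repair) {
                # Writing a stream to a read-only file fails, which is exactly the
                # behaviour the bypass relies on, so clear the attribute first,
                # write ZoneId=3 (Internet zone), then restore read-only.
                $file.IsReadOnly = $false
                Set-Content -LiteralPath $file.FullName -Stream Zone.Identifier `
                            -Value "[ZoneTransfer]`r`nZoneId=3"
                $file.IsReadOnly = $true
            }
            [pscustomobject]@{
                Path     = $file.FullName
                ReadOnly = $true
                HasMotw  = $hasMotw
                Repaired = [bool]$Repair
            }
        }
    }
}

# Placeholder path: point this at the folder an archive was extracted into.
Get-MotwGap -Path 'C:\Users\alice\Downloads\extracted' | Format-Table
# Re-apply the mark so SmartScreen and Office Protected View treat the files
# as downloaded content:
# Get-MotwGap -Path 'C:\Users\alice\Downloads\extracted' -Repair
```

Files reported with HasMotw = False were extracted without the mark and will not trigger SmartScreen or Protected View until it is restored or the November 2022 update is applied.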

Windows Scripting Languages RCE vulnerability (CVE-2022-41128)

• Affected products include Windows 10, Windows 11, Windows Server 2016, and Windows Server 2019.
• To exploit CVE-2022-41128, an attacker would need to lure a user to visit a maliciously crafted server share or website.
• The attack can be executed remotely, and attack complexity is low.

Windows Print Spooler Elevation of Privilege Vulnerability (CVE-2022-41073)

• Affects multiple Windows Server versions including Windows Server 2022, 2019 and 2016.
• Vulnerability gives attackers a way to gain system level access.
• The threat actor would need local access, but attack complexity and the privileges required to exploit the flaw are low. No user interaction is required.

Windows CNG Key Isolation Service Elevation of Privilege Vulnerability (CVE-2022-41125)

• Allows an attacker to gain system level privileges.
• Affects multiple Windows versions including Windows Server 2012, 2016, Windows 8.1 and Windows RT 8.1.
• User interaction required. Attack complexity is low.


Source: Microsoft.