Microsoft Patches 2 0-Days & 20 RCE Vulnerabilities

October 13, 2022

As part of October’s monthly security rollup updates, Microsoft has patched two 0-Day vulnerabilities and 20 Remote Code Execution vulnerabilities.

Overall, Microsoft has patched 84 vulnerabilities across Windows, Azure, Active Directory, Hyper-V, Edge, and others.

The High-Severity Zero-Day Vulnerability

  • CVE-2022-41033 (CVSS 3.1: 7.8, High Severity) – Windows COM+ Event System Service Elevation of Privilege Vulnerability. An attacker who successfully exploits this vulnerability could gain SYSTEM privileges.

For the full patched vulnerabilities list, including the 20 RCEs, visit Microsoft October 2022 Security Updates.

Affected Systems

The vulnerability affects all Windows versions under support, including the latest client and server releases, Windows 11 and Windows Server 2022.

Mitigation

CYREBRO recommends implementing the latest available Microsoft security/monthly rollup updates in all relevant systems as soon as possible.

References: Microsoft October 2022 Security Updates.
