Microsoft Patches 6 0-Days & 16 RCE Vulnerabilities

November 9, 2022

As part of November's monthly security rollup updates, Microsoft has patched six zero-day vulnerabilities and 16 remote code execution (RCE) vulnerabilities.

Overall, Microsoft has patched 68 vulnerabilities across Windows, Windows Server, Exchange, Hyper-V, Azure, Visual Studio, Office and others.

The Zero-Day Vulnerabilities

  • CVE-2022-41128 (CVSS 3.1: 8.8, High Severity) – Windows Scripting Languages Remote Code Execution Vulnerability
  • CVE-2022-41091 (CVSS 3.1: 5.4, Medium Severity) – Windows Mark of the Web Security Feature Bypass Vulnerability
  • CVE-2022-41073 (CVSS 3.1: 7.8, High Severity) – Windows Print Spooler Elevation of Privilege Vulnerability
  • CVE-2022-41125 (CVSS 3.1: 7.8, High Severity) – Windows CNG Key Isolation Service Elevation of Privilege Vulnerability
  • CVE-2022-41040 (CVSS 3.1: 7.9, High Severity) – Microsoft Exchange Server Elevation of Privilege Vulnerability
  • CVE-2022-41082 (CVSS 3.1: 8.3, High Severity) – Microsoft Exchange Server Remote Code Execution Vulnerability

For the full list of patched vulnerabilities, including the 16 RCEs, see Microsoft November 2022 Security Updates.

Mitigation

CYREBRO recommends installing the latest available Microsoft security/monthly rollup updates on all relevant systems as soon as possible.

References: Microsoft November 2022 Security Updates.