Microsoft CVE Summary

This report contains detail for the following vulnerabilities:

Tag CVE ID CVE Title
.NET Framework CVE-2022-41064 .NET Framework Information Disclosure Vulnerability
AMD CPU Branch CVE-2022-23824 AMD: CVE-2022-23824 IBPB and Return Address Predictor Interactions
Azure CVE-2022-39327 GitHub: CVE-2022-39327 Improper Control of Generation of Code ('Code Injection') in Azure CLI
Azure CVE-2022-41085 Azure CycleCloud Elevation of Privilege Vulnerability
Azure Real Time Operating System CVE-2022-41051 Azure RTOS GUIX Studio Remote Code Execution Vulnerability
Linux Kernel CVE-2022-38014 Windows Subsystem for Linux (WSL2) Kernel Elevation of Privilege Vulnerability
Microsoft Dynamics CVE-2022-41066 Microsoft Business Central Information Disclosure Vulnerability
Microsoft Exchange Server CVE-2022-41078 Microsoft Exchange Server Spoofing Vulnerability
Microsoft Exchange Server CVE-2022-41080 Microsoft Exchange Server Elevation of Privilege Vulnerability
Microsoft Exchange Server CVE-2022-41079 Microsoft Exchange Server Spoofing Vulnerability
Microsoft Exchange Server CVE-2022-41123 Microsoft Exchange Server Elevation of Privilege Vulnerability
Microsoft Graphics Component CVE-2022-41113 Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability
Microsoft Graphics Component CVE-2022-41052 Windows Graphics Component Remote Code Execution Vulnerability
Microsoft Office ADV220003 Microsoft Defense in Depth Update
Microsoft Office CVE-2022-41105 Microsoft Excel Information Disclosure Vulnerability
Microsoft Office CVE-2022-41107 Microsoft Office Graphics Remote Code Execution Vulnerability
Microsoft Office Excel CVE-2022-41104 Microsoft Excel Security Feature Bypass Vulnerability
Microsoft Office Excel CVE-2022-41063 Microsoft Excel Remote Code Execution Vulnerability
Microsoft Office Excel CVE-2022-41106 Microsoft Excel Remote Code Execution Vulnerability
Microsoft Office SharePoint CVE-2022-41122 Microsoft SharePoint Server Spoofing Vulnerability
Microsoft Office SharePoint CVE-2022-41062 Microsoft SharePoint Server Remote Code Execution Vulnerability
Microsoft Office Word CVE-2022-41103 Microsoft Word Information Disclosure Vulnerability
Microsoft Office Word CVE-2022-41061 Microsoft Word Remote Code Execution Vulnerability
Microsoft Office Word CVE-2022-41060 Microsoft Word Information Disclosure Vulnerability
Network Policy Server (NPS) CVE-2022-41056 Network Policy Server (NPS) RADIUS Protocol Denial of Service Vulnerability
Network Policy Server (NPS) CVE-2022-41097 Network Policy Server (NPS) RADIUS Protocol Information Disclosure Vulnerability
Open Source Software CVE-2022-3786 OpenSSL: CVE-2022-3786 X.509 certificate verification buffer overrun
Open Source Software CVE-2022-3602 OpenSSL: CVE-2022-3602 X.509 certificate verification buffer overrun
Role: Windows Hyper-V CVE-2022-38015 Windows Hyper-V Denial of Service Vulnerability
SysInternals CVE-2022-41120 Microsoft Windows Sysmon Elevation of Privilege Vulnerability
Visual Studio CVE-2022-39253 GitHub: CVE-2022-39253 Local clone optimization dereferences symbolic links by default
Visual Studio CVE-2022-41119 Visual Studio Remote Code Execution Vulnerability
Windows Advanced Local Procedure Call CVE-2022-41093 Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability
Windows ALPC CVE-2022-41045 Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability
Windows ALPC CVE-2022-41100 Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability
Windows Bind Filter Driver CVE-2022-41114 Windows Bind Filter Driver Elevation of Privilege Vulnerability
Windows BitLocker CVE-2022-41099 BitLocker Security Feature Bypass Vulnerability
Windows CNG Key Isolation Service CVE-2022-41125 Windows CNG Key Isolation Service Elevation of Privilege Vulnerability
Windows Devices Human Interface CVE-2022-41055 Windows Human Interface Device Information Disclosure Vulnerability
Windows Digital Media CVE-2022-41095 Windows Digital Media Receiver Elevation of Privilege Vulnerability
Windows DWM Core Library CVE-2022-41096 Microsoft DWM Core Library Elevation of Privilege Vulnerability
Windows Extensible File Allocation CVE-2022-41050 Windows Extensible File Allocation Table Elevation of Privilege Vulnerability
Windows Group Policy Preference Client CVE-2022-37992 Windows Group Policy Elevation of Privilege Vulnerability
Windows Group Policy Preference Client CVE-2022-41086 Windows Group Policy Elevation of Privilege Vulnerability
Windows HTTP.sys CVE-2022-41057 Windows HTTP.sys Elevation of Privilege Vulnerability
Windows Kerberos CVE-2022-37967 Windows Kerberos Elevation of Privilege Vulnerability
Windows Kerberos CVE-2022-41053 Windows Kerberos Denial of Service Vulnerability
Windows Kerberos CVE-2022-37966 Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability
Windows Mark of the Web (MOTW) CVE-2022-41049 Windows Mark of the Web Security Feature Bypass Vulnerability
Windows Mark of the Web (MOTW) CVE-2022-41091 Windows Mark of the Web Security Feature Bypass Vulnerability
Windows Netlogon CVE-2022-38023 Netlogon RPC Elevation of Privilege Vulnerability
Windows Network Address Translation (NAT) CVE-2022-41058 Windows Network Address Translation (NAT) Denial of Service Vulnerability
Windows ODBC Driver CVE-2022-41047 Microsoft ODBC Driver Remote Code Execution Vulnerability
Windows ODBC Driver CVE-2022-41048 Microsoft ODBC Driver Remote Code Execution Vulnerability
Windows Overlay Filter CVE-2022-41101 Windows Overlay Filter Elevation of Privilege Vulnerability
Windows Overlay Filter CVE-2022-41102 Windows Overlay Filter Elevation of Privilege Vulnerability
Windows Point-to-Point Tunneling Protocol CVE-2022-41044 Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
Windows Point-to-Point Tunneling Protocol CVE-2022-41116 Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerability
Windows Point-to-Point Tunneling Protocol CVE-2022-41090 Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerability
Windows Point-to-Point Tunneling Protocol CVE-2022-41039 Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
Windows Point-to-Point Tunneling Protocol CVE-2022-41088 Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
Windows Print Spooler Components CVE-2022-41073 Windows Print Spooler Elevation of Privilege Vulnerability
Windows Resilient File System (ReFS) CVE-2022-41054 Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability
Windows Scripting CVE-2022-41118 Windows Scripting Languages Remote Code Execution Vulnerability
Windows Scripting CVE-2022-41128 Windows Scripting Languages Remote Code Execution Vulnerability
Windows Win32K CVE-2022-41092 Windows Win32k Elevation of Privilege Vulnerability
Windows Win32K CVE-2022-41109 Windows Win32k Elevation of Privilege Vulnerability
Windows Win32K CVE-2022-41098 Windows GDI+ Information Disclosure Vulnerability

CVE-2022-23824 - AMD: CVE-2022-23824 IBPB and Return Address Predictor Interactions

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-23824
MITRE
NVD		 CVE Title: AMD: CVE-2022-23824 IBPB and Return Address Predictor Interactions
CVSS:
None
FAQ:

Why is this AMD CVE included in the Security Update Guide?

The vulnerability assigned to this CVE is in certain processor models offered by AMD. The mitigation for this vulnerability requires a Windows update. This CVE is being documented in the Security Update Guide to announce that the latest builds of Windows enable the mitigation and provide protection against the vulnerability.

Please see the following for more information:


Mitigations:
None
Workarounds:
None
Revision:
1.0    2022-11-08T08:00:00    

Information published.


 Important Information Disclosure

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-23824
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5019970 (Security Update) Important Information Disclosure 5018425 Base: N/A
Temporal: N/A
Vector: N/A
 Yes
Windows 10 for x64-based Systems 5019970 (Security Update) Important Information Disclosure 5018425 Base: N/A
Temporal: N/A
Vector: N/A
 Yes
Windows 10 Version 1607 for 32-bit Systems 5019964 (Security Update) Important Information Disclosure 5018411 Base: N/A
Temporal: N/A
Vector: N/A
 Yes
Windows 10 Version 1607 for x64-based Systems 5019964 (Security Update) Important Information Disclosure 5018411 Base: N/A
Temporal: N/A
Vector: N/A
 Yes
Windows 10 Version 1809 for 32-bit Systems 5019966 (Security Update) Important Information Disclosure 5018419
 Base: N/A
Temporal: N/A
Vector: N/A
 Yes
Windows 10 Version 1809 for ARM64-based Systems 5019966 (Security Update) Important Information Disclosure 5018419
 Base: N/A
Temporal: N/A
Vector: N/A
 Yes
Windows 10 Version 1809 for x64-based Systems 5019966 (Security Update) Important Information Disclosure 5018419
 Base: N/A
Temporal: N/A
Vector: N/A
 Yes
Windows 10 Version 20H2 for 32-bit Systems 5019959 (Security Update) Important Information Disclosure
5018410		 Base: N/A
Temporal: N/A
Vector: N/A
 Yes
Windows 10 Version 20H2 for ARM64-based Systems 5019959 (Security Update) Important Information Disclosure
5018410		 Base: N/A
Temporal: N/A
Vector: N/A
 Yes
Windows 10 Version 20H2 for x64-based Systems 5019959 (Security Update) Important Information Disclosure
5018410		 Base: N/A
Temporal: N/A
Vector: N/A
 Yes
Windows 10 Version 21H1 for 32-bit Systems 5019959 (Security Update) Important Information Disclosure 5018410
 Base: N/A
Temporal: N/A
Vector: N/A
 Yes
Windows 10 Version 21H1 for ARM64-based Systems 5019959 (Security Update) Important Information Disclosure 5018410
 Base: N/A
Temporal: N/A
Vector: N/A
 Yes
Windows 10 Version 21H1 for x64-based Systems 5019959 (Security Update) Important Information Disclosure 5018410
 Base: N/A
Temporal: N/A
Vector: N/A
 Yes
Windows 10 Version 21H2 for 32-bit Systems 5019959 (Security Update) Important Information Disclosure 5018410
 Base: N/A
Temporal: N/A
Vector: N/A
 Yes
Windows 10 Version 21H2 for ARM64-based Systems 5019959 (Security Update) Important Information Disclosure
5018410		 Base: N/A
Temporal: N/A
Vector: N/A
 Yes
Windows 10 Version 21H2 for x64-based Systems 5019959 (Security Update) Important Information Disclosure
5018410		 Base: N/A
Temporal: N/A
Vector: N/A
 Yes
Windows 10 Version 22H2 for 32-bit Systems 5019959 (Security Update) Important Information Disclosure Base: N/A
Temporal: N/A
Vector: N/A
 Yes
Windows 10 Version 22H2 for ARM64-based Systems 5019959 (Security Update) Important Information Disclosure Base: N/A
Temporal: N/A
Vector: N/A
 Yes
Windows 10 Version 22H2 for x64-based Systems 5019959 (Security Update) Important Information Disclosure Base: N/A
Temporal: N/A
Vector: N/A
 Yes
Windows 11 for ARM64-based Systems 5019961 (Security Update) Important Information Disclosure 5018418 Base: N/A
Temporal: N/A
Vector: N/A
 Yes
Windows 11 for x64-based Systems 5019961 (Security Update) Important Information Disclosure 5018418 Base: N/A
Temporal: N/A
Vector: N/A
 Yes
Windows 11 Version 22H2 for ARM64-based Systems 5019980 (Security Update) Important Information Disclosure 5018427
 Base: N/A
Temporal: N/A
Vector: N/A
 Yes
Windows 11 Version 22H2 for x64-based Systems 5019980 (Security Update) Important Information Disclosure 5018427
 Base: N/A
Temporal: N/A
Vector: N/A
 Yes
Windows 7 for 32-bit Systems Service Pack 1 5020000 (Monthly Rollup)
5020013 (Security Only)		 Important Information Disclosure 5018454
 Base: N/A
Temporal: N/A
Vector: N/A
 Yes
Windows 7 for x64-based Systems Service Pack 1 5020000 (Monthly Rollup)
5020013 (Security Only)		 Important Information Disclosure 5018454
 Base: N/A
Temporal: N/A
Vector: N/A
 Yes
Windows 8.1 for 32-bit systems 5020023 (Monthly Rollup)
5020010 (Security Only)		 Important Information Disclosure 5018474
 Base: N/A
Temporal: N/A
Vector: N/A
 Yes
Windows 8.1 for x64-based systems 5020023 (Monthly Rollup)
5020010 (Security Only)		 Important Information Disclosure 5018474
 Base: N/A
Temporal: N/A
Vector: N/A
 Yes
Windows RT 8.1 5020010 (Security Only) Important Information Disclosure Base: N/A
Temporal: N/A
Vector: N/A
 Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 5020019 (Monthly Rollup)
5020005 (Security Only)		 Important Information Disclosure 5018450
 Base: N/A
Temporal: N/A
Vector: N/A
 Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5020019 (Monthly Rollup)
5020005 (Security Only)		 Important Information Disclosure 5018450
 Base: N/A
Temporal: N/A
Vector: N/A
 Yes
Windows Server 2008 for x64-based Systems Service Pack 2 5020019 (Monthly Rollup)
5020005 (Security Only)		 Important Information Disclosure 5018450
 Base: N/A
Temporal: N/A
Vector: N/A
 Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5020019 (Monthly Rollup)
5020005 (Security Only)		 Important Information Disclosure 5018450
 Base: N/A
Temporal: N/A
Vector: N/A
 Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5020000 (Monthly Rollup)
5020013 (Security Only)		 Important Information Disclosure 5018454
 Base: N/A
Temporal: N/A
Vector: N/A
 Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5020000 (Monthly Rollup)
5020013 (Security Only)		 Important Information Disclosure 5018454
 Base: N/A
Temporal: N/A
Vector: N/A
 Yes
Windows Server 2012 5020009 (Monthly Rollup)
5020003 (Security Only)		 Important Information Disclosure 5018457
 Base: N/A
Temporal: N/A
Vector: N/A
 Yes
Windows Server 2012 (Server Core installation) 5020009 (Monthly Rollup)
5020003 (Security Only)		 Important Information Disclosure 5018457
 Base: N/A
Temporal: N/A
Vector: N/A
 Yes
Windows Server 2012 R2 5020023 (Monthly Rollup)
5020010 (Security Only)		 Important Information Disclosure 5018474
 Base: N/A
Temporal: N/A
Vector: N/A
 Yes
Windows Server 2012 R2 (Server Core installation) 5020023 (Monthly Rollup)
5020010 (Security Only)		 Important Information Disclosure 5018474
 Base: N/A
Temporal: N/A
Vector: N/A
 Yes
Windows Server 2016 5019964 (Security Update) Important Information Disclosure 5018411 Base: N/A
Temporal: N/A
Vector: N/A
 Yes
Windows Server 2016 (Server Core installation) 5019964 (Security Update) Important Information Disclosure 5018411 Base: N/A
Temporal: N/A
Vector: N/A
 Yes
Windows Server 2019 5019966 (Security Update) Important Information Disclosure 5018419
 Base: N/A
Temporal: N/A
Vector: N/A
 Yes
Windows Server 2019 (Server Core installation) 5019966 (Security Update) Important Information Disclosure 5018419
 Base: N/A
Temporal: N/A
Vector: N/A
 Yes
Windows Server 2022 5019081 (Security Update) Important Information Disclosure 5018421 Base: N/A
Temporal: N/A
Vector: N/A
 Yes
Windows Server 2022 (Server Core installation) 5019081 (Security Update) Important Information Disclosure 5018421 Base: N/A
Temporal: N/A
Vector: N/A
 Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2022-23824 None

CVE-2022-38014 - Windows Subsystem for Linux (WSL2) Kernel Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-38014
MITRE
NVD		 CVE Title: Windows Subsystem for Linux (WSL2) Kernel Elevation of Privilege Vulnerability
CVSS:

CVSS:3.1 7.0/6.1
Base score metrics
Attack VectorLocal
Attack ComplexityHigh
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

Successful exploitation of this vulnerability requires an attacker to win a race condition.


What privileges could an attacker gain?

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2022-11-08T08:00:00    

Information published.


 Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-38014
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Azure EFLOW Release Notes (Security Update) Important Elevation of Privilege None Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Maybe
Windows Subsystem for Linux (WSL2) Release Notes (Security Update) Important Elevation of Privilege None Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Maybe

Acknowledgements

CVE ID Acknowledgements
CVE-2022-38014 Microsoft Offensive Research & Security Engineering (MORSE)

CVE-2022-37966 - Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-37966
MITRE
NVD		 CVE Title: Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability
CVSS:

CVSS:3.1 8.1/7.1
Base score metrics
Attack VectorNetwork
Attack ComplexityHigh
Privileges RequiredNone
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment of the targeted component.


Upon successful exploitation, what privileges could an attacker gain?

An attacker who successfully exploited this vulnerability could gain administrator privileges.


How could an attacker exploit this vulnerability?

An unauthenticated attacker could conduct an attack that could leverage cryptographic protocol vulnerabilities in RFC 4757 (Kerberos encryption type RC4-HMAC-MD5) and MS-PAC (Privilege Attribute Certificate Data Structure specification) to bypass security features in a Windows AD environment.


Where can I find more information about these changes?

For more information please see How to manage the Kerberos Protocol changes related to CVE-2022-37966.


I am running Windows Server 2022 Datacenter: Azure Edition (Server Core) but the hotpatch (Windows Server 2022 Datacenter: Azure Edition (Hotpatch)) for it is not listed in the Security Updates table. Is there an update that I can apply for this edition of Windows Server 2022?*

The update to address this vulnerability for Windows Server 2022 Datacenter: Azure Edition (Server Core) is not hotpatchable and is therefore not included in the November Hotpatch KB (5019080). Customers running Windows Server 2022 Datacenter: Azure Edition (Server Core) as a domain controller should install the update for Windows Server 2022 (5019081). This update will require a computer restart.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2022-11-08T08:00:00    

Information published.


 Critical Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation More Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-37966
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows Server 2008 for 32-bit Systems Service Pack 2 5020019 (Monthly Rollup)
5020005 (Security Only)		 Critical Elevation of Privilege 5018450
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5020019 (Monthly Rollup)
5020005 (Security Only)		 Critical Elevation of Privilege 5018450
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2008 for x64-based Systems Service Pack 2 5020019 (Monthly Rollup)
5020005 (Security Only)		 Critical Elevation of Privilege 5018450
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5020019 (Monthly Rollup)
5020005 (Security Only)		 Critical Elevation of Privilege 5018450
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5020000 (Monthly Rollup)
5020013 (Security Only)		 Critical Elevation of Privilege 5018454
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5020000 (Monthly Rollup)
5020013 (Security Only)		 Critical Elevation of Privilege 5018454
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2012 5020009 (Monthly Rollup)
5020003 (Security Only)		 Critical Elevation of Privilege 5018457
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2012 (Server Core installation) 5020009 (Monthly Rollup)
5020003 (Security Only)		 Critical Elevation of Privilege 5018457
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2012 R2 5020023 (Monthly Rollup)
5020010 (Security Only)		 Critical Elevation of Privilege 5018474
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2012 R2 (Server Core installation) 5020023 (Monthly Rollup)
5020010 (Security Only)		 Critical Elevation of Privilege 5018474
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2016 5019964 (Security Update) Critical Elevation of Privilege 5018411 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2016 (Server Core installation) 5019964 (Security Update) Critical Elevation of Privilege 5018411 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2019 5019966 (Security Update) Critical Elevation of Privilege 5018419
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2019 (Server Core installation) 5019966 (Security Update) Critical Elevation of Privilege 5018419
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2022 5019081 (Security Update) Critical Elevation of Privilege 5018421 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2022 (Server Core installation) 5019081 (Security Update) Critical Elevation of Privilege 5018421 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2022-37966 Tom Tervoort with Secura

CVE-2022-41085 - Azure CycleCloud Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-41085
MITRE
NVD		 CVE Title: Azure CycleCloud Elevation of Privilege Vulnerability
CVSS:

CVSS:3.1 7.5/6.5
Base score metrics
Attack VectorAdjacent
Attack ComplexityHigh
Privileges RequiredNone
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

Upon successful exploitation, what privileges could an attacker gain?

An attacker who successfully exploited this vulnerability could gain administrator privileges.


According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

Successful exploitation of this vulnerability requires an attacker to brute force authentication and obtain a successful login.


What versions are impacted by this vulnerability?

All versions are impacted and should be updated based on the documentation provided in the CVE.


According to the CVSS metric, the attack vector as local (AV:A). What does that mean for this vulnerability?

Successful exploitation of this vulnerability requires that an attacker will need to first gain access to the restricted network before running an attack.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2022-11-08T08:00:00    

Information published.


 Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-41085
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Azure CycleCloud 7 Release Notes (Security Update) Important Elevation of Privilege None Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Maybe
Azure CycleCloud 8 Release Notes (Security Update) Important Elevation of Privilege None Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Maybe

Acknowledgements

CVE ID Acknowledgements
CVE-2022-41085 Yiming Xiang with NSFOCUS TIANJI LAB

CVE-2022-41100 - Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-41100
MITRE
NVD		 CVE Title: Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability
CVSS:

CVSS:3.1 7.8/6.8
Base score metrics
Attack VectorLocal
Attack ComplexityHigh
Privileges RequiredLow
User InteractionNone
ScopeChanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

Successful exploitation of this vulnerability requires an attacker to win a race condition.


What privileges could an attacker gain?

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.


According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?

This vulnerability could lead to a contained execution environment escape. Please refer to AppContainer Isolation for more information.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2022-11-08T08:00:00    

Information published.


 Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-41100
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5019970 (Security Update) Important Elevation of Privilege 5018425 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 for x64-based Systems 5019970 (Security Update) Important Elevation of Privilege 5018425 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1607 for 32-bit Systems 5019964 (Security Update) Important Elevation of Privilege 5018411 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1607 for x64-based Systems 5019964 (Security Update) Important Elevation of Privilege 5018411 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1809 for 32-bit Systems 5019966 (Security Update) Important Elevation of Privilege 5018419
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1809 for ARM64-based Systems 5019966 (Security Update) Important Elevation of Privilege 5018419
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1809 for x64-based Systems 5019966 (Security Update) Important Elevation of Privilege 5018419
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 20H2 for 32-bit Systems 5019959 (Security Update) Important Elevation of Privilege
5018410		 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 20H2 for ARM64-based Systems 5019959 (Security Update) Important Elevation of Privilege
5018410		 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 20H2 for x64-based Systems 5019959 (Security Update) Important Elevation of Privilege
5018410		 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H1 for 32-bit Systems 5019959 (Security Update) Important Elevation of Privilege 5018410
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H1 for ARM64-based Systems 5019959 (Security Update) Important Elevation of Privilege 5018410
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H1 for x64-based Systems 5019959 (Security Update) Important Elevation of Privilege 5018410
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H2 for 32-bit Systems 5019959 (Security Update) Important Elevation of Privilege 5018410
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H2 for ARM64-based Systems 5019959 (Security Update) Important Elevation of Privilege
5018410		 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H2 for x64-based Systems 5019959 (Security Update) Important Elevation of Privilege
5018410		 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 22H2 for 32-bit Systems 5019959 (Security Update) Important Elevation of Privilege Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 22H2 for ARM64-based Systems 5019959 (Security Update) Important Elevation of Privilege Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 22H2 for x64-based Systems 5019959 (Security Update) Important Elevation of Privilege Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 11 for ARM64-based Systems 5019961 (Security Update) Important Elevation of Privilege 5018418 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 11 for x64-based Systems 5019961 (Security Update) Important Elevation of Privilege 5018418 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 11 Version 22H2 for ARM64-based Systems 5019980 (Security Update) Important Elevation of Privilege 5018427
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 11 Version 22H2 for x64-based Systems 5019980 (Security Update) Important Elevation of Privilege 5018427
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 8.1 for 32-bit systems 5020023 (Monthly Rollup)
5020010 (Security Only)		 Important Elevation of Privilege 5018474
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 8.1 for x64-based systems 5020023 (Monthly Rollup)
5020010 (Security Only)		 Important Elevation of Privilege 5018474
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows RT 8.1 5020010 (Security Only) Important Elevation of Privilege Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2012 R2 5020023 (Monthly Rollup)
5020010 (Security Only)		 Important Elevation of Privilege 5018474
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2012 R2 (Server Core installation) 5020023 (Monthly Rollup)
5020010 (Security Only)		 Important Elevation of Privilege 5018474
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2016 5019964 (Security Update) Important Elevation of Privilege 5018411 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2016 (Server Core installation) 5019964 (Security Update) Important Elevation of Privilege 5018411 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2019 5019966 (Security Update) Important Elevation of Privilege 5018419
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2019 (Server Core installation) 5019966 (Security Update) Important Elevation of Privilege 5018419
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2022 5019081 (Security Update) Important Elevation of Privilege 5018421 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2022 (Server Core installation) 5019081 (Security Update) Important Elevation of Privilege 5018421 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2022 Datacenter: Azure Edition (Hotpatch) 5019080 (Security Hotpatch Update) Important Elevation of Privilege 5016060 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2022-41100 Jarvis_1oop of vulnerability research institute

CVE-2022-41058 - Windows Network Address Translation (NAT) Denial of Service Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-41058
MITRE
NVD		 CVE Title: Windows Network Address Translation (NAT) Denial of Service Vulnerability
CVSS:

CVSS:3.1 7.5/6.5
Base score metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredNone
User InteractionNone
ScopeUnchanged
ConfidentialityNone
IntegrityNone
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2022-11-08T08:00:00    

Information published.


 Important Denial of Service

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation More Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-41058
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5019970 (Security Update) Important Denial of Service 5018425 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 for x64-based Systems 5019970 (Security Update) Important Denial of Service 5018425 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1607 for 32-bit Systems 5019964 (Security Update) Important Denial of Service 5018411 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1607 for x64-based Systems 5019964 (Security Update) Important Denial of Service 5018411 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1809 for 32-bit Systems 5019966 (Security Update) Important Denial of Service 5018419
 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1809 for ARM64-based Systems 5019966 (Security Update) Important Denial of Service 5018419
 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1809 for x64-based Systems 5019966 (Security Update) Important Denial of Service 5018419
 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 20H2 for 32-bit Systems 5019959 (Security Update) Important Denial of Service
5018410		 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 20H2 for ARM64-based Systems 5019959 (Security Update) Important Denial of Service
5018410		 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 20H2 for x64-based Systems 5019959 (Security Update) Important Denial of Service
5018410		 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H1 for 32-bit Systems 5019959 (Security Update) Important Denial of Service 5018410
 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H1 for ARM64-based Systems 5019959 (Security Update) Important Denial of Service 5018410
 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H1 for x64-based Systems 5019959 (Security Update) Important Denial of Service 5018410
 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H2 for 32-bit Systems 5019959 (Security Update) Important Denial of Service 5018410
 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H2 for ARM64-based Systems 5019959 (Security Update) Important Denial of Service
5018410		 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H2 for x64-based Systems 5019959 (Security Update) Important Denial of Service
5018410		 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 22H2 for 32-bit Systems 5019959 (Security Update) Important Denial of Service Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 22H2 for ARM64-based Systems 5019959 (Security Update) Important Denial of Service Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 22H2 for x64-based Systems 5019959 (Security Update) Important Denial of Service Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 11 for ARM64-based Systems 5019961 (Security Update) Important Denial of Service 5018418 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 11 for x64-based Systems 5019961 (Security Update) Important Denial of Service 5018418 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 11 Version 22H2 for ARM64-based Systems 5019980 (Security Update) Important Denial of Service 5018427
 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 11 Version 22H2 for x64-based Systems 5019980 (Security Update) Important Denial of Service 5018427
 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 7 for 32-bit Systems Service Pack 1 5020000 (Monthly Rollup)
5020013 (Security Only)		 Important Denial of Service 5018454
 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 7 for x64-based Systems Service Pack 1 5020000 (Monthly Rollup)
5020013 (Security Only)		 Important Denial of Service 5018454
 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 8.1 for 32-bit systems 5020023 (Monthly Rollup)
5020010 (Security Only)		 Important Denial of Service 5018474
 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 8.1 for x64-based systems 5020023 (Monthly Rollup)
5020010 (Security Only)		 Important Denial of Service 5018474
 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows RT 8.1 5020010 (Security Only) Important Denial of Service Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 5020019 (Monthly Rollup)
5020005 (Security Only)		 Important Denial of Service 5018450
 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5020019 (Monthly Rollup)
5020005 (Security Only)		 Important Denial of Service 5018450
 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2008 for x64-based Systems Service Pack 2 5020019 (Monthly Rollup)
5020005 (Security Only)		 Important Denial of Service 5018450
 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5020019 (Monthly Rollup)
5020005 (Security Only)		 Important Denial of Service 5018450
 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5020000 (Monthly Rollup)
5020013 (Security Only)		 Important Denial of Service 5018454
 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5020000 (Monthly Rollup)
5020013 (Security Only)		 Important Denial of Service 5018454
 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2012 5020009 (Monthly Rollup)
5020003 (Security Only)		 Important Denial of Service 5018457
 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2012 (Server Core installation) 5020009 (Monthly Rollup)
5020003 (Security Only)		 Important Denial of Service 5018457
 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2012 R2 5020023 (Monthly Rollup)
5020010 (Security Only)		 Important Denial of Service 5018474
 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2012 R2 (Server Core installation) 5020023 (Monthly Rollup)
5020010 (Security Only)		 Important Denial of Service 5018474
 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2016 5019964 (Security Update) Important Denial of Service 5018411 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2016 (Server Core installation) 5019964 (Security Update) Important Denial of Service 5018411 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2019 5019966 (Security Update) Important Denial of Service 5018419
 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2019 (Server Core installation) 5019966 (Security Update) Important Denial of Service 5018419
 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2022 5019081 (Security Update) Important Denial of Service 5018421 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2022 (Server Core installation) 5019081 (Security Update) Important Denial of Service 5018421 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2022 Datacenter: Azure Edition (Hotpatch) 5019080 (Security Hotpatch Update) Important Denial of Service 5016060 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2022-41058 Huichen Lin and Dong Seong Kim with School of Information Technology and Electrical Engineering - The University of Queensland

CVE-2022-41101 - Windows Overlay Filter Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-41101
MITRE
NVD		 CVE Title: Windows Overlay Filter Elevation of Privilege Vulnerability
CVSS:

CVSS:3.1 7.8/6.8
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

What privileges could an attacker gain?

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2022-11-08T08:00:00    

Information published.


 Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-41101
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5019970 (Security Update) Important Elevation of Privilege 5018425 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 for x64-based Systems 5019970 (Security Update) Important Elevation of Privilege 5018425 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1607 for 32-bit Systems 5019964 (Security Update) Important Elevation of Privilege 5018411 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1607 for x64-based Systems 5019964 (Security Update) Important Elevation of Privilege 5018411 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1809 for 32-bit Systems 5019966 (Security Update) Important Elevation of Privilege 5018419
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1809 for ARM64-based Systems 5019966 (Security Update) Important Elevation of Privilege 5018419
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1809 for x64-based Systems 5019966 (Security Update) Important Elevation of Privilege 5018419
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 20H2 for 32-bit Systems 5019959 (Security Update) Important Elevation of Privilege
5018410		 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 20H2 for ARM64-based Systems 5019959 (Security Update) Important Elevation of Privilege
5018410		 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 20H2 for x64-based Systems 5019959 (Security Update) Important Elevation of Privilege
5018410		 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H1 for 32-bit Systems 5019959 (Security Update) Important Elevation of Privilege 5018410
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H1 for ARM64-based Systems 5019959 (Security Update) Important Elevation of Privilege 5018410
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H1 for x64-based Systems 5019959 (Security Update) Important Elevation of Privilege 5018410
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H2 for 32-bit Systems 5019959 (Security Update) Important Elevation of Privilege 5018410
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H2 for ARM64-based Systems 5019959 (Security Update) Important Elevation of Privilege
5018410		 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H2 for x64-based Systems 5019959 (Security Update) Important Elevation of Privilege
5018410		 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 22H2 for 32-bit Systems 5019959 (Security Update) Important Elevation of Privilege Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 22H2 for ARM64-based Systems 5019959 (Security Update) Important Elevation of Privilege Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 22H2 for x64-based Systems 5019959 (Security Update) Important Elevation of Privilege Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 11 for ARM64-based Systems 5019961 (Security Update) Important Elevation of Privilege 5018418 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 11 for x64-based Systems 5019961 (Security Update) Important Elevation of Privilege 5018418 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 11 Version 22H2 for ARM64-based Systems 5019980 (Security Update) Important Elevation of Privilege 5018427
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 11 Version 22H2 for x64-based Systems 5019980 (Security Update) Important Elevation of Privilege 5018427
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2016 5019964 (Security Update) Important Elevation of Privilege 5018411 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2016 (Server Core installation) 5019964 (Security Update) Important Elevation of Privilege 5018411 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2019 5019966 (Security Update) Important Elevation of Privilege 5018419
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2019 (Server Core installation) 5019966 (Security Update) Important Elevation of Privilege 5018419
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2022 5019081 (Security Update) Important Elevation of Privilege 5018421 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2022 (Server Core installation) 5019081 (Security Update) Important Elevation of Privilege 5018421 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2022 Datacenter: Azure Edition (Hotpatch) 5019080 (Security Hotpatch Update) Important Elevation of Privilege 5016060 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2022-41101 k0shl with Kunlun Lab

CVE-2022-41102 - Windows Overlay Filter Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-41102
MITRE
NVD		 CVE Title: Windows Overlay Filter Elevation of Privilege Vulnerability
CVSS:

CVSS:3.1 7.8/6.8
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

What privileges could an attacker gain?

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2022-11-08T08:00:00    

Information published.


 Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-41102
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5019970 (Security Update) Important Elevation of Privilege 5018425 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 for x64-based Systems 5019970 (Security Update) Important Elevation of Privilege 5018425 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1607 for 32-bit Systems 5019964 (Security Update) Important Elevation of Privilege 5018411 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1607 for x64-based Systems 5019964 (Security Update) Important Elevation of Privilege 5018411 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1809 for 32-bit Systems 5019966 (Security Update) Important Elevation of Privilege 5018419
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1809 for ARM64-based Systems 5019966 (Security Update) Important Elevation of Privilege 5018419
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1809 for x64-based Systems 5019966 (Security Update) Important Elevation of Privilege 5018419
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 20H2 for 32-bit Systems 5019959 (Security Update) Important Elevation of Privilege
5018410		 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 20H2 for ARM64-based Systems 5019959 (Security Update) Important Elevation of Privilege
5018410		 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 20H2 for x64-based Systems 5019959 (Security Update) Important Elevation of Privilege
5018410		 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H1 for 32-bit Systems 5019959 (Security Update) Important Elevation of Privilege 5018410
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H1 for ARM64-based Systems 5019959 (Security Update) Important Elevation of Privilege 5018410
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H1 for x64-based Systems 5019959 (Security Update) Important Elevation of Privilege 5018410
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H2 for 32-bit Systems 5019959 (Security Update) Important Elevation of Privilege 5018410
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H2 for ARM64-based Systems 5019959 (Security Update) Important Elevation of Privilege
5018410		 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H2 for x64-based Systems 5019959 (Security Update) Important Elevation of Privilege
5018410		 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 22H2 for 32-bit Systems 5019959 (Security Update) Important Elevation of Privilege Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 22H2 for ARM64-based Systems 5019959 (Security Update) Important Elevation of Privilege Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 22H2 for x64-based Systems 5019959 (Security Update) Important Elevation of Privilege Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 11 for ARM64-based Systems 5019961 (Security Update) Important Elevation of Privilege 5018418 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 11 for x64-based Systems 5019961 (Security Update) Important Elevation of Privilege 5018418 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 11 Version 22H2 for ARM64-based Systems 5019980 (Security Update) Important Elevation of Privilege 5018427
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 11 Version 22H2 for x64-based Systems 5019980 (Security Update) Important Elevation of Privilege 5018427
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2016 5019964 (Security Update) Important Elevation of Privilege 5018411 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2016 (Server Core installation) 5019964 (Security Update) Important Elevation of Privilege 5018411 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2019 5019966 (Security Update) Important Elevation of Privilege 5018419
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2019 (Server Core installation) 5019966 (Security Update) Important Elevation of Privilege 5018419
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2022 5019081 (Security Update) Important Elevation of Privilege 5018421 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2022 (Server Core installation) 5019081 (Security Update) Important Elevation of Privilege 5018421 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2022 Datacenter: Azure Edition (Hotpatch) 5019080 (Security Hotpatch Update) Important Elevation of Privilege 5016060 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2022-41102 k0shl with Kunlun Lab

CVE-2022-41064 - .NET Framework Information Disclosure Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-41064
MITRE
NVD		 CVE Title: .NET Framework Information Disclosure Vulnerability
CVSS:

CVSS:3.1 5.8/5.1
Base score metrics
Attack VectorAdjacent
Attack ComplexityHigh
Privileges RequiredLow
User InteractionNone
ScopeChanged
ConfidentialityHigh
IntegrityNone
AvailabilityNone
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

If I am using System.Data.SqlClient or Microsoft.Data.SqlClient, what do I need to do to be protected from this vulnerability?

Customers using either the System.Data.SqlClient or Microsoft.Data.SqlClient NuGet Packages need to do the following to be protected:

  • If you are using System.Data.SqlClient on .NET Framework you must install the November update for .NET Framework
  • If you are using System.Data.SqlClient on .NET Core, .NET 5 or .NET 6 you must update the nuget package to an updated version as listed in the affected packages.
  • If you are using Microsoft.Data.SqlClient, anywhere (.NET Core, .NET 5/6, .NET Framework) and you are using a version that is vulnerable you must update as listed in the affected packages.

Please see Microsoft Security Advisory CVE 2022-41064 | .NET Information Disclosure Vulnerability for more information.


According to the CVSS score, the Attack Vector is Adjacent (AV:A). What does this mean for this vulnerability?

Exploiting this vulnerability requires an attacker to be within the SQL Connection Pool.


According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

Successful exploitation of this vulnerability requires an attacker to exhaust all the threads in the thread pool.


According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?

In this case, a successful attack could cause the attacker access queries from other users in the SQL Connection Pool.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2022-11-08T08:00:00    

Information published.


 Important Information Disclosure

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-41064
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Microsoft .NET Framework 4.6.2 on Windows 10 for 32-bit Systems 5019970 (Security Update) Important Information Disclosure 5018425 Base: 5.8
Temporal: 5.1
Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Microsoft .NET Framework 4.6.2 on Windows 10 for x64-based Systems 5019970 (Security Update) Important Information Disclosure 5018425 Base: 5.8
Temporal: 5.1
Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Microsoft .NET Framework 4.6.2 on Windows Server 2008 for 32-bit Systems Service Pack 2 5020691 (Monthly Rollup)
5020681 (Security Only)		 Important Information Disclosure 5018550, 5013873
 Base: 5.8
Temporal: 5.1
Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C
 Maybe
Microsoft .NET Framework 4.6.2 on Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5020691 (Monthly Rollup)
5020681 (Security Only)		 Important Information Disclosure 5018550, 5013873
 Base: 5.8
Temporal: 5.1
Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C
 Maybe
Microsoft .NET Framework 4.6.2 on Windows Server 2008 for x64-based Systems Service Pack 2 5020691 (Monthly Rollup)
5020681 (Security Only)		 Important Information Disclosure 5018550, 5013873
 Base: 5.8
Temporal: 5.1
Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C
 Maybe
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows 7 for 32-bit Systems Service Pack 1 5020688 (Monthly Rollup)
5020678 (Security Only)		 Important Information Disclosure 5013870, 5018547
 Base: 5.8
Temporal: 5.1
Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C
 Maybe
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows 7 for x64-based Systems Service Pack 1 5020688 (Monthly Rollup)
5020678 (Security Only)		 Important Information Disclosure 5013870, 5018547
 Base: 5.8
Temporal: 5.1
Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C
 Maybe
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows 8.1 for 32-bit systems 5020690 (Monthly Rollup)
5020680 (Security Only)		 Important Information Disclosure 5016568, 5018549
 Base: 5.8
Temporal: 5.1
Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C
 Maybe
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows 8.1 for x64-based systems 5020690 (Monthly Rollup)
5020680 (Security Only)		 Important Information Disclosure 5016568, 5018549
 Base: 5.8
Temporal: 5.1
Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C
 Maybe
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows RT 8.1 5020690 (Monthly Rollup)
5020680 (Security Only)		 Important Information Disclosure 5016568, 5018549
 Base: 5.8
Temporal: 5.1
Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C
 Maybe
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 5020688 (Monthly Rollup)
5020678 (Security Only)		 Important Information Disclosure 5013870, 5018547
 Base: 5.8
Temporal: 5.1
Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C
 Maybe
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5020688 (Monthly Rollup)
5020678 (Security Only)		 Important Information Disclosure 5013870, 5018547
 Base: 5.8
Temporal: 5.1
Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C
 Maybe
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 5020689 (Monthly Rollup)
5020679 (Security Only)		 Important Information Disclosure 5013871, 5018548
 Base: 5.8
Temporal: 5.1
Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C
 Maybe
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 (Server Core installation) 5020689 (Monthly Rollup)
5020679 (Security Only)		 Important Information Disclosure 5013871, 5018548
 Base: 5.8
Temporal: 5.1
Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C
 Maybe
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 R2 5020679 (Security Only)
5020690 (Monthly Rollup)		 Important Information Disclosure
5016568, 5018549		 Base: 5.8
Temporal: 5.1
Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C
 Maybe
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 R2 (Server Core installation) 5020679 (Security Only)
5020690 (Monthly Rollup)		 Important Information Disclosure
5016568, 5018549		 Base: 5.8
Temporal: 5.1
Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C
 Maybe
Microsoft .NET Framework 4.7.2 on Windows 10 Version 1809 for 32-bit Systems 5020685 (Security Update) Important Information Disclosure 5013868, 50185 Base: 5.8
Temporal: 5.1
Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C
 Maybe
Microsoft .NET Framework 4.7.2 on Windows 10 Version 1809 for ARM64-based Systems 5020685 (Security Update) Important Information Disclosure 5013868, 50185 Base: 5.8
Temporal: 5.1
Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C
 Maybe
Microsoft .NET Framework 4.7.2 on Windows 10 Version 1809 for x64-based Systems 5020685 (Security Update) Important Information Disclosure 5013868, 50185 Base: 5.8
Temporal: 5.1
Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C
 Maybe
Microsoft .NET Framework 4.7.2 on Windows Server 2019 5020685 (Security Update) Important Information Disclosure 5013868, 50185 Base: 5.8
Temporal: 5.1
Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C
 Maybe
Microsoft .NET Framework 4.7.2 on Windows Server 2019 (Server Core installation) 5020685 (Security Update) Important Information Disclosure 5013868, 50185 Base: 5.8
Temporal: 5.1
Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C
 Maybe
Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for 32-bit Systems 5020614 (Security Update) Important Information Disclosure 5013625, 5018515 Base: 5.8
Temporal: 5.1
Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C
 Maybe
Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for x64-based Systems 5020614 (Security Update) Important Information Disclosure 5013625, 5018515 Base: 5.8
Temporal: 5.1
Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C
 Maybe
Microsoft .NET Framework 4.8 on Windows 10 Version 1809 for 32-bit Systems 5020685 (Monthly Rollup) Important Information Disclosure 5013868, 50185 Base: 5.8
Temporal: 5.1
Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C
 Maybe
Microsoft .NET Framework 4.8 on Windows 10 Version 1809 for ARM64-based Systems 5020685 (Security Update) Important Information Disclosure 5013868, 5018542 Base: 5.8
Temporal: 5.1
Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C
 Maybe
Microsoft .NET Framework 4.8 on Windows 10 Version 1809 for x64-based Systems 5020685 (Monthly Rollup) Important Information Disclosure 5013868, 50185 Base: 5.8
Temporal: 5.1
Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C
 Maybe
Microsoft .NET Framework 4.8 on Windows 10 Version 20H2 for 32-bit Systems 5020686 (Security Update) Important Information Disclosure 5017498, 5018856, 5018543 Base: 5.8
Temporal: 5.1
Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C
 Maybe
Microsoft .NET Framework 4.8 on Windows 10 Version 20H2 for ARM64-based Systems 5020686 (Security Update) Important Information Disclosure 5017498, 5018856, 5018543 Base: 5.8
Temporal: 5.1
Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C
 Maybe
Microsoft .NET Framework 4.8 on Windows 10 Version 20H2 for x64-based Systems 5020686 (Security Update) Important Information Disclosure 5017498, 5018856, 5018543 Base: 5.8
Temporal: 5.1
Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C
 Maybe
Microsoft .NET Framework 4.8 on Windows 10 Version 21H1 for 32-bit Systems 5020801 (Security Update) Important Information Disclosure 5017499, 5018857, 5018544 Base: 5.8
Temporal: 5.1
Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C
 Maybe
Microsoft .NET Framework 4.8 on Windows 10 Version 21H1 for ARM64-based Systems 5020801 (Security Update) Important Information Disclosure 5017499, 5018857, 5018544 Base: 5.8
Temporal: 5.1
Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C
 Maybe
Microsoft .NET Framework 4.8 on Windows 10 Version 21H1 for x64-based Systems 5020801 (Security Update) Important Information Disclosure 5017499, 5018857, 5018544 Base: 5.8
Temporal: 5.1
Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C
 Maybe
Microsoft .NET Framework 4.8 on Windows 10 Version 21H2 for 32-bit Systems 5020687 (Security Update) Important Information Disclosure 5017500, 5018858, 5018545 Base: 5.8
Temporal: 5.1
Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C
 Maybe
Microsoft .NET Framework 4.8 on Windows 10 Version 21H2 for ARM64-based Systems 5020687 (Security Update) Important Information Disclosure 5017500, 5018858, 5018545 Base: 5.8
Temporal: 5.1
Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C
 Maybe
Microsoft .NET Framework 4.8 on Windows 10 Version 21H2 for x64-based Systems 5020687 (Security Update) Important Information Disclosure 5017500, 5018858, 5018545 Base: 5.8
Temporal: 5.1
Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C
 Maybe
Microsoft .NET Framework 4.8 on Windows 10 Version 22H2 for 32-bit Systems 5020694 (Security Update) Important Information Disclosure 5017651, 5018202 Base: 5.8
Temporal: 5.1
Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C
 Maybe
Microsoft .NET Framework 4.8 on Windows 10 Version 22H2 for ARM64-based Systems 5020694 (Security Update) Important Information Disclosure 5017651, 5018202 Base: 5.8
Temporal: 5.1
Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C
 Maybe
Microsoft .NET Framework 4.8 on Windows 10 Version 22H2 for x64-based Systems 5020694 (Security Update) Important Information Disclosure 5017651, 5018202 Base: 5.8
Temporal: 5.1
Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C
 Maybe
Microsoft .NET Framework 4.8 on Windows 11 for ARM64-based Systems 5020695 (Security Update) Important Information Disclosure 5017497, 5018859, 5018546 Base: 5.8
Temporal: 5.1
Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C
 Maybe
Microsoft .NET Framework 4.8 on Windows 11 for x64-based Systems 5020695 (Security Update) Important Information Disclosure 5017497, 5018859, 5018546 Base: 5.8
Temporal: 5.1
Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C
 Maybe
Microsoft .NET Framework 4.8 on Windows 7 for 32-bit Systems Service Pack 1 5020688 (Monthly Rollup) Important Information Disclosure 5013870, 5018547 Base: 5.8
Temporal: 5.1
Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C
 Maybe
Microsoft .NET Framework 4.8 on Windows 7 for x64-based Systems Service Pack 1 5020688 (Monthly Rollup)
5020678 (Security Only)		 Important Information Disclosure 5013870, 5018547
 Base: 5.8
Temporal: 5.1
Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C
 Maybe
Microsoft .NET Framework 4.8 on Windows 8.1 for 32-bit systems 5020690 (Monthly Rollup) Important Information Disclosure 5016568, 5018549 Base: 5.8
Temporal: 5.1
Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C
 Maybe
Microsoft .NET Framework 4.8 on Windows 8.1 for x64-based systems 5020690 (Monthly Rollup) Important Information Disclosure 5016568, 5018549 Base: 5.8
Temporal: 5.1
Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C
 Maybe
Microsoft .NET Framework 4.8 on Windows RT 8.1 5020690 (Monthly Rollup) Important Information Disclosure 5016568, 5018549 Base: 5.8
Temporal: 5.1
Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C
 Maybe
Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 5020688 (Monthly Rollup) Important Information Disclosure 5013870, 5018547 Base: 5.8
Temporal: 5.1
Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C
 Maybe
Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5020688 (Monthly Rollup) Important Information Disclosure 5013870, 5018547 Base: 5.8
Temporal: 5.1
Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C
 Maybe
Microsoft .NET Framework 4.8 on Windows Server 2012 5020689 (Monthly Rollup) Important Information Disclosure 5013871, 5018548 Base: 5.8
Temporal: 5.1
Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C
 Maybe
Microsoft .NET Framework 4.8 on Windows Server 2012 (Server Core installation) 5020689 (Monthly Rollup) Important Information Disclosure 5013871, 5018548 Base: 5.8
Temporal: 5.1
Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C
 Maybe
Microsoft .NET Framework 4.8 on Windows Server 2012 R2 5020690 (Monthly Rollup) Important Information Disclosure 5016568, 5018549 Base: 5.8
Temporal: 5.1
Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C
 Maybe
Microsoft .NET Framework 4.8 on Windows Server 2012 R2 (Server Core installation) 5020690 (Monthly Rollup) Important Information Disclosure 5016568, 5018549 Base: 5.8
Temporal: 5.1
Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C
 Maybe
Microsoft .NET Framework 4.8 on Windows Server 2016 5020614 (Security Update) Important Information Disclosure 5013625, 5018515 Base: 5.8
Temporal: 5.1
Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C
 Maybe
Microsoft .NET Framework 4.8 on Windows Server 2016 (Server Core installation) 5020614 (Security Update) Important Information Disclosure 5013625, 5018515 Base: 5.8
Temporal: 5.1
Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C
 Maybe
Microsoft .NET Framework 4.8 on Windows Server 2019 5020685 (Security Update) Important Information Disclosure 5013868, 50185 Base: 5.8
Temporal: 5.1
Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C
 Maybe
Microsoft .NET Framework 4.8 on Windows Server 2019 (Server Core installation) 5020685 (Security Update) Important Information Disclosure 5013868, 50185 Base: 5.8
Temporal: 5.1
Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C
 Maybe
Microsoft .NET Framework 4.8.1 on Windows 10 Version 1809 for 32-bit Systems 5020685 (Security Update) Important Information Disclosure 5013868, 50185 Base: 5.8
Temporal: 5.1
Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C
 Maybe
Microsoft .NET Framework 4.8.1 on Windows 10 Version 1809 for ARM64-based Systems 5020685 (Security Update) Important Information Disclosure 5013868, 50185 Base: 5.8
Temporal: 5.1
Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C
 Maybe
Microsoft .NET Framework 4.8.1 on Windows 10 Version 1809 for x64-based Systems 5020685 (Security Update) Important Information Disclosure 5013868, 50185 Base: 5.8
Temporal: 5.1
Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C
 Maybe
Microsoft .NET Framework 4.8.1 on Windows 10 Version 20H2 for 32-bit Systems 5020686 (Security Update) Important Information Disclosure 5017498, 5018856, 5018543 Base: 5.8
Temporal: 5.1
Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C
 Maybe
Microsoft .NET Framework 4.8.1 on Windows 10 Version 20H2 for ARM64-based Systems 5020686 (Security Update) Important Information Disclosure 5017498, 5018856, 5018543 Base: 5.8
Temporal: 5.1
Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C
 Maybe
Microsoft .NET Framework 4.8.1 on Windows 10 Version 20H2 for x64-based Systems 5020686 (Security Update) Important Information Disclosure 5017498, 5018856, 5018543 Base: 5.8
Temporal: 5.1
Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C
 Maybe
Microsoft .NET Framework 4.8.1 on Windows 10 Version 21H1 for 32-bit Systems 5020801 (Security Update) Important Information Disclosure 5017499, 5018857, 5018544 Base: 5.8
Temporal: 5.1
Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C
 Maybe
Microsoft .NET Framework 4.8.1 on Windows 10 Version 21H1 for ARM64-based Systems 5020801 (Security Update) Important Information Disclosure 5017499, 5018857, 5018544 Base: 5.8
Temporal: 5.1
Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C
 Maybe
Microsoft .NET Framework 4.8.1 on Windows 10 Version 21H1 for x64-based Systems 5020801 (Security Update) Important Information Disclosure 5017499, 5018857, 5018544 Base: 5.8
Temporal: 5.1
Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C
 Maybe
Microsoft .NET Framework 4.8.1 on Windows 10 Version 21H2 for 32-bit Systems 5020687 (Security Update) Important Information Disclosure 5017500, 5018858, 5018545 Base: 5.8
Temporal: 5.1
Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C
 Maybe
Microsoft .NET Framework 4.8.1 on Windows 10 Version 21H2 for ARM64-based Systems 5020687 (Security Update) Important Information Disclosure 5017500, 5018858, 5018545 Base: 5.8
Temporal: 5.1
Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C
 Maybe
Microsoft .NET Framework 4.8.1 on Windows 10 Version 21H2 for x64-based Systems 5020687 (Security Update) Important Information Disclosure 5017500, 5018858, 5018545 Base: 5.8
Temporal: 5.1
Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C
 Maybe
Microsoft .NET Framework 4.8.1 on Windows 10 Version 22H2 for 32-bit Systems 5020694 (Security Update) Important Information Disclosure 5017651, 5018202 Base: 5.8
Temporal: 5.1
Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C
 Maybe
Microsoft .NET Framework 4.8.1 on Windows 10 Version 22H2 for ARM64-based Systems 5020694 (Security Update) Important Information Disclosure 5017651, 5018202 Base: 5.8
Temporal: 5.1
Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C
 Maybe
Microsoft .NET Framework 4.8.1 on Windows 10 Version 22H2 for x64-based Systems 5020694 (Security Update) Important Information Disclosure 5017651, 5018202 Base: 5.8
Temporal: 5.1
Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C
 Maybe
Microsoft .NET Framework 4.8.1 on Windows 11 for ARM64-based Systems 5020695 (Security Update) Important Information Disclosure 5017497, 5018859, 5018546 Base: 5.8
Temporal: 5.1
Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C
 Maybe
Microsoft .NET Framework 4.8.1 on Windows 11 for x64-based Systems 5020695 (Security Update) Important Information Disclosure 5017497, 5018859, 5018546 Base: 5.8
Temporal: 5.1
Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C
 Maybe
Microsoft .NET Framework 4.8.1 on Windows 11 Version 22H2 for ARM64-based Systems 5020622 (Security Update) Important Information Disclosure 5017271, 5018341 Base: 5.8
Temporal: 5.1
Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C
 Maybe
Microsoft .NET Framework 4.8.1 on Windows 11 Version 22H2 for x64-based Systems 5020622 (Security Update) Important Information Disclosure 5017271, 5018341 Base: 5.8
Temporal: 5.1
Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C
 Maybe
Nuget 2.1.2 Release Notes (Security Update) Important Information Disclosure None Base: 5.8
Temporal: 5.1
Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C
 Maybe
Nuget 4.8.5 Release Notes (Security Update) Important Information Disclosure None Base: 5.8
Temporal: 5.1
Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C
 Maybe

Acknowledgements

CVE ID Acknowledgements
CVE-2022-41064

CVE-2022-39327 - GitHub: CVE-2022-39327 Improper Control of Generation of Code ('Code Injection') in Azure CLI

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-39327
MITRE
NVD		 CVE Title: GitHub: CVE-2022-39327 Improper Control of Generation of Code ('Code Injection') in Azure CLI
CVSS:
None
FAQ:

Why is this GitHub CVE included in the Security Update Guide?

The vulnerability assigned to this CVE is in Azure cli, which is published on GitHub and for which GitHub is the CVE Naming Authority (CNA). It is being documented in the Security Update Guide to inform customers using the azure-cli that they need to apply the updated version. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2022-11-08T08:00:00    

Information published.


 Critical Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-39327
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Azure CLI Improper Control of Generation of Code ('Code Injection') in Azure CLI (Security Update) Critical Remote Code Execution 2.41.0 Base: N/A
Temporal: N/A
Vector: N/A
 Maybe

Acknowledgements

CVE ID Acknowledgements
CVE-2022-39327 None

CVE-2022-41120 - Microsoft Windows Sysmon Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-41120
MITRE
NVD		 CVE Title: Microsoft Windows Sysmon Elevation of Privilege Vulnerability
CVSS:

CVSS:3.1 7.8/6.8
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

Upon successful exploitation, what privileges could an attacker gain?

An attacker who successfully exploited this vulnerability could gain administrator privileges.


How could an attacker exploit this vulnerability?

A locally authenticated attacker could manipulate information on the Sysinternals services to achieve elevation from local user to SYSTEM admin.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2022-11-08T08:00:00    

Information published.


 Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-41120
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows Sysmon Release Notes (Security Update) Important Elevation of Privilege None Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Maybe

Acknowledgements

CVE ID Acknowledgements
CVE-2022-41120 Filip Dragovic with Infigo IS

CVE-2022-41122 - Microsoft SharePoint Server Spoofing Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-41122
MITRE
NVD		 CVE Title: Microsoft SharePoint Server Spoofing Vulnerability
CVSS:

CVSS:3.1 6.5/5.7
Base score metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityNone
AvailabilityNone
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

What type of information could be disclosed by this vulnerability?

The type of information that could be disclosed if an attacker successfully exploited this vulnerability is sensitive information.


According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?

The attacker must be authenticated and possess the permissions for page creation to be able to exploit this vulnerability.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2022-11-08T08:00:00    

Information published. This CVE was addressed by updates that were released in September 2022, but the CVE was omitted from the September 2022 Security Updates. This is an informational change only. Customers who have already installed the September 2022 update do not need to take any further action.


 Important Spoofing

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation More Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-41122
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Microsoft SharePoint Enterprise Server 2013 Service Pack 1 5002264 (Cumulative Update)
5002267 (Security Update)		 Important Spoofing
5002219		 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Maybe
Microsoft SharePoint Enterprise Server 2016 5002269 (Security Update) Important Spoofing 5002222
 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Maybe
Microsoft SharePoint Foundation 2013 Service Pack 1 5002267 (Security Update) Important Spoofing 5002219
 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Maybe
Microsoft SharePoint Server 2019 5002258 (Security Update) Important Spoofing 5002212
 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Maybe
Microsoft SharePoint Server Subscription Edition 5002271 (Security Update) Important Spoofing Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Maybe

Acknowledgements

CVE ID Acknowledgements
CVE-2022-41122 Li Jian Tao (@CurseRed) with STAR Labs

CVE-2022-41078 - Microsoft Exchange Server Spoofing Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-41078
MITRE
NVD		 CVE Title: Microsoft Exchange Server Spoofing Vulnerability
CVSS:

CVSS:3.1 8.0/7.0
Base score metrics
Attack VectorAdjacent
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2022-11-08T08:00:00    

Information published.


 Important Spoofing

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-41078
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Microsoft Exchange Server 2013 Cumulative Update 23 5019758 (Security Update) Important Spoofing 5019076 Base: 8.0
Temporal: 7.0
Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Microsoft Exchange Server 2016 Cumulative Update 22 5019758 (Security Update) Important Spoofing 5019077 Base: 8.0
Temporal: 7.0
Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Microsoft Exchange Server 2016 Cumulative Update 23 5019758 (Security Update) Important Spoofing 5019077 Base: 8.0
Temporal: 7.0
Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Microsoft Exchange Server 2019 Cumulative Update 11 5019758 (Security Update) Important Spoofing 5019077 Base: 8.0
Temporal: 7.0
Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Microsoft Exchange Server 2019 Cumulative Update 12 5019758 (Security Update) Important Spoofing 5019077 Base: 8.0
Temporal: 7.0
Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2022-41078 Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative

CVE-2022-41123 - Microsoft Exchange Server Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-41123
MITRE
NVD		 CVE Title: Microsoft Exchange Server Elevation of Privilege Vulnerability
CVSS:

CVSS:3.1 7.8/6.8
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2022-11-08T08:00:00    

Information published.


 Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation More Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-41123
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Microsoft Exchange Server 2016 Cumulative Update 22 5019758 (Security Update) Important Elevation of Privilege 5019077 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Microsoft Exchange Server 2016 Cumulative Update 23 5019758 (Security Update) Important Elevation of Privilege 5019077 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Microsoft Exchange Server 2019 Cumulative Update 11 5019758 (Security Update) Important Elevation of Privilege 5019077 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Microsoft Exchange Server 2019 Cumulative Update 12 5019758 (Security Update) Important Elevation of Privilege 5019077 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2022-41123 Piotr Bazydlo (@chudypb) working with Trend Micro Zero Day Initiative

CVE-2022-41079 - Microsoft Exchange Server Spoofing Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-41079
MITRE
NVD		 CVE Title: Microsoft Exchange Server Spoofing Vulnerability
CVSS:

CVSS:3.1 8.0/7.0
Base score metrics
Attack VectorAdjacent
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2022-11-08T08:00:00    

Information published.


 Important Spoofing

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation More Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-41079
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Microsoft Exchange Server 2013 Cumulative Update 23 5019758 (Security Update) Important Spoofing 5019076 Base: 8.0
Temporal: 7.0
Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Microsoft Exchange Server 2016 Cumulative Update 22 5019758 (Security Update) Important Spoofing 5019077 Base: 8.0
Temporal: 7.0
Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Microsoft Exchange Server 2016 Cumulative Update 23 5019758 (Security Update) Important Spoofing 5019077 Base: 8.0
Temporal: 7.0
Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Microsoft Exchange Server 2019 Cumulative Update 11 5019758 (Security Update) Important Spoofing 5019077 Base: 8.0
Temporal: 7.0
Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Microsoft Exchange Server 2019 Cumulative Update 12 5019758 (Security Update) Important Spoofing 5019077 Base: 8.0
Temporal: 7.0
Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2022-41079 Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative

CVE-2022-41080 - Microsoft Exchange Server Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-41080
MITRE
NVD		 CVE Title: Microsoft Exchange Server Elevation of Privilege Vulnerability
CVSS:

CVSS:3.1 8.8/7.7
Base score metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2022-11-08T08:00:00    

Information published.


 Critical Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation More Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-41080
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Microsoft Exchange Server 2013 Cumulative Update 23 5019758 (Security Update) Critical Elevation of Privilege 5019076 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Microsoft Exchange Server 2016 Cumulative Update 22 5019758 (Security Update) Critical Elevation of Privilege 5019077 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Microsoft Exchange Server 2016 Cumulative Update 23 5019758 (Security Update) Critical Elevation of Privilege 5019077 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Microsoft Exchange Server 2019 Cumulative Update 11 5019758 (Security Update) Critical Elevation of Privilege 5019077 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Microsoft Exchange Server 2019 Cumulative Update 12 5019758 (Security Update) Critical Elevation of Privilege 5019077 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2022-41080 rskvp93 with VcsLab of Viettel Cyber Security

CVE-2022-3602 - OpenSSL: CVE-2022-3602 X.509 certificate verification buffer overrun

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-3602
MITRE
NVD		 CVE Title: OpenSSL: CVE-2022-3602 X.509 certificate verification buffer overrun
CVSS:
None
FAQ:

Why is this OpenSSL Software Foundation CVE included in the Security Update Guide?

The vulnerability assigned to this CVE is in OpenSSL Software which is consumed by the Microsoft products listed in the Security Updates table and are known to be affected. It is being documented in the Security Update Guide to announce that the latest builds of these products are no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.


Where can I find further guidance for this OpenSSL vulnerability?

For more information and guidance see Awareness and guidance related to OpenSSL 3.0 - 3.0.6 risk (CVE-2022-3786 and CVE-2202-3602).


Mitigations:
None
Workarounds:
None
Revision:
1.0    2022-11-02T07:00:00    

Information published.


 Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
N/A No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-3602
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Azure SDK for C++ Release Notes (Security Update) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
 Maybe
Microsoft Azure Kubernetes Service Release Notes (Security Update) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
 Maybe
vcpkg Release Notes (Security Update) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
 Maybe

Acknowledgements

CVE ID Acknowledgements
CVE-2022-3602



CVE-2022-41128 - Windows Scripting Languages Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-41128
MITRE
NVD		 CVE Title: Windows Scripting Languages Remote Code Execution Vulnerability
CVSS:

CVSS:3.1 8.8/8.2
Base score metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredNone
User InteractionRequired
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityFunctional
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?

This vulnerability requires that a user with an affected version of Windows access a malicious server. An attacker would have to host a specially crafted server share or website. An attacker would have no way to force users to visit this specially crafted server share or website, but would have to convince them to visit the server share or website, typically by way of an enticement in an email or chat message.


The CVE title says Windows Scripting Languages, what does that mean for this vulnerability?

This vulnerability impacts the JScript9 scripting language.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2022-11-08T08:00:00    

Information published.


 Critical Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Detected No Yes

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-41128
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5019970 (Security Update) Critical Remote Code Execution 5018425 Base: 8.8
Temporal: 8.2
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
 Yes
Windows 10 for x64-based Systems 5019970 (Security Update) Critical Remote Code Execution 5018425 Base: 8.8
Temporal: 8.2
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
 Yes
Windows 10 Version 1607 for 32-bit Systems 5019964 (Security Update) Critical Remote Code Execution 5018411 Base: 8.8
Temporal: 8.2
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
 Yes
Windows 10 Version 1607 for x64-based Systems 5019964 (Security Update) Critical Remote Code Execution 5018411 Base: 8.8
Temporal: 8.2
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
 Yes
Windows 10 Version 1809 for 32-bit Systems 5019966 (Security Update) Critical Remote Code Execution 5018419
 Base: 8.8
Temporal: 8.2
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
 Yes
Windows 10 Version 1809 for ARM64-based Systems 5019966 (Security Update) Critical Remote Code Execution 5018419
 Base: 8.8
Temporal: 8.2
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
 Yes
Windows 10 Version 1809 for x64-based Systems 5019966 (Security Update) Critical Remote Code Execution 5018419
 Base: 8.8
Temporal: 8.2
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
 Yes
Windows 10 Version 20H2 for 32-bit Systems 5019959 (Security Update) Critical Remote Code Execution
5018410		 Base: 8.8
Temporal: 8.2
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
 Yes
Windows 10 Version 20H2 for ARM64-based Systems 5019959 (Security Update) Critical Remote Code Execution
5018410		 Base: 8.8
Temporal: 8.2
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
 Yes
Windows 10 Version 20H2 for x64-based Systems 5019959 (Security Update) Critical Remote Code Execution
5018410		 Base: 8.8
Temporal: 8.2
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
 Yes
Windows 10 Version 21H1 for 32-bit Systems 5019959 (Security Update) Critical Remote Code Execution 5018410
 Base: 8.8
Temporal: 8.2
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
 Yes
Windows 10 Version 21H1 for ARM64-based Systems 5019959 (Security Update) Critical Remote Code Execution 5018410
 Base: 8.8
Temporal: 8.2
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
 Yes
Windows 10 Version 21H1 for x64-based Systems 5019959 (Security Update) Critical Remote Code Execution 5018410
 Base: 8.8
Temporal: 8.2
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
 Yes
Windows 10 Version 21H2 for 32-bit Systems 5019959 (Security Update) Critical Remote Code Execution 5018410
 Base: 8.8
Temporal: 8.2
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
 Yes
Windows 10 Version 21H2 for ARM64-based Systems 5019959 (Security Update) Critical Remote Code Execution
5018410		 Base: 8.8
Temporal: 8.2
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
 Yes
Windows 10 Version 21H2 for x64-based Systems 5019959 (Security Update) Critical Remote Code Execution
5018410		 Base: 8.8
Temporal: 8.2
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
 Yes
Windows 10 Version 22H2 for 32-bit Systems 5019959 (Security Update) Critical Remote Code Execution Base: 8.8
Temporal: 8.2
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
 Yes
Windows 10 Version 22H2 for ARM64-based Systems 5019959 (Security Update) Critical Remote Code Execution Base: 8.8
Temporal: 8.2
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
 Yes
Windows 10 Version 22H2 for x64-based Systems 5019959 (Security Update) Critical Remote Code Execution Base: 8.8
Temporal: 8.2
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
 Yes
Windows 11 for ARM64-based Systems 5019961 (Security Update) Critical Remote Code Execution 5018418 Base: 8.8
Temporal: 8.2
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
 Yes
Windows 11 for x64-based Systems 5019961 (Security Update) Critical Remote Code Execution 5018418 Base: 8.8
Temporal: 8.2
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
 Yes
Windows 11 Version 22H2 for ARM64-based Systems 5019980 (Security Update) Critical Remote Code Execution 5018427
 Base: 8.8
Temporal: 8.2
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
 Yes
Windows 11 Version 22H2 for x64-based Systems 5019980 (Security Update) Critical Remote Code Execution 5018427
 Base: 8.8
Temporal: 8.2
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
 Yes
Windows 7 for 32-bit Systems Service Pack 1 5020000 (Monthly Rollup)
5020013 (Security Only)
5019958 (IE Cumulative)		 Critical Remote Code Execution 5018454
 Base: 8.8
Temporal: 8.2
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
 Yes
Windows 7 for x64-based Systems Service Pack 1 5020000 (Monthly Rollup)
5020013 (Security Only)
5019958 (IE Cumulative)		 Critical Remote Code Execution 5018454
 Base: 8.8
Temporal: 8.2
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
 Yes
Windows 8.1 for 32-bit systems 5020023 (Monthly Rollup)
5020010 (Security Only)
5019958 (IE Cumulative)		 Critical Remote Code Execution 5018474
 Base: 8.8
Temporal: 8.2
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
 Yes
Windows 8.1 for x64-based systems 5020023 (Monthly Rollup)
5020010 (Security Only)
5019958 (IE Cumulative)		 Critical Remote Code Execution 5018474
 Base: 8.8
Temporal: 8.2
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
 Yes
Windows RT 8.1 5020023 (Monthly Rollup) Critical Remote Code Execution
5018474		 Base: 8.8
Temporal: 8.2
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
 Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5020000 (Monthly Rollup)
5020013 (Security Only)
5019958 (IE Cumulative)		 Critical Remote Code Execution 5018454
 Base: 8.8
Temporal: 8.2
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
 Yes
Windows Server 2012 5020009 (Monthly Rollup)
5020003 (Security Only)
5019958 (IE Cumulative)		 Critical Remote Code Execution 5018457
 Base: 8.8
Temporal: 8.2
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
 Yes
Windows Server 2012 R2 5020023 (Monthly Rollup) Critical Remote Code Execution 5018474
 Base: 8.8
Temporal: 8.2
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
 Yes
Windows Server 2016 5019964 (Security Update) Critical Remote Code Execution 5018411 Base: 8.8
Temporal: 8.2
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
 Yes
Windows Server 2019 5019966 (Security Update) Critical Remote Code Execution 5018419
 Base: 8.8
Temporal: 8.2
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
 Yes
Windows Server 2022 5019081 (Security Update) Critical Remote Code Execution 5018421 Base: 8.8
Temporal: 8.2
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
 Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2022-41128 Clément Lecigne of Google’s Threat Analysis Group

CVE-2022-38015 - Windows Hyper-V Denial of Service Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-38015
MITRE
NVD		 CVE Title: Windows Hyper-V Denial of Service Vulnerability
CVSS:

CVSS:3.1 6.5/5.7
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeChanged
ConfidentialityNone
IntegrityNone
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?

Successful exploitation of this vulnerability could allow a Hyper-V guest to affect the functionality of the Hyper-V host.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2022-11-08T08:00:00    

Information published.


 Critical Denial of Service

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-38015
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for x64-based Systems 5019970 (Security Update) Critical Denial of Service 5018425 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1607 for x64-based Systems 5019964 (Security Update) Critical Denial of Service 5018411 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1809 for x64-based Systems 5019966 (Security Update) Critical Denial of Service 5018419
 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 20H2 for x64-based Systems 5019959 (Security Update) Critical Denial of Service
5018410		 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H1 for x64-based Systems 5019959 (Security Update) Critical Denial of Service 5018410
 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H2 for x64-based Systems 5019959 (Security Update) Critical Denial of Service
5018410		 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 22H2 for x64-based Systems 5019959 (Security Update) Critical Denial of Service Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 11 for x64-based Systems 5019961 (Security Update) Critical Denial of Service 5018418 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 11 Version 22H2 for x64-based Systems 5019980 (Security Update) Critical Denial of Service 5018427
 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2016 5019964 (Security Update) Critical Denial of Service 5018411 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2016 (Server Core installation) 5019964 (Security Update) Critical Denial of Service 5018411 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2019 5019966 (Security Update) Critical Denial of Service 5018419
 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2019 (Server Core installation) 5019966 (Security Update) Critical Denial of Service 5018419
 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2022 5019081 (Security Update) Critical Denial of Service 5018421 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2022 (Server Core installation) 5019081 (Security Update) Critical Denial of Service 5018421 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2022 Datacenter: Azure Edition (Hotpatch) 5019080 (Security Hotpatch Update) Critical Denial of Service 5016060 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2022-38015 Eran Segal with Safebreach

CVE-2022-37967 - Windows Kerberos Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-37967
MITRE
NVD		 CVE Title: Windows Kerberos Elevation of Privilege Vulnerability
CVSS:

CVSS:3.1 7.2/6.3
Base score metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredHigh
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

Upon successful exploitation, what privileges could an attacker gain?

An attacker who successfully exploited this vulnerability could gain administrator privileges.


How could an attacker exploit this vulnerability?

An authenticated attacker could leverage cryptographic protocol vulnerabilities in Windows Kerberos. If the attacker gains control on the service that is allowed for delegation, they can modify the Kerberos PAC to elevate their privileges.


Where can I find more information about these changes?

For more information please see How to manage the Kerberos and Netlogon Protocol changes related to CVE-2022-37967.


Do I need to take further steps to be protected from this vulnerability?

Yes. Please review the KB article How to manage the Kerberos and Netlogon Protocol changes related to CVE-2022-37967. This recommends that you:

  1. Use audit mode to review logs.
  2. Review third-party servers and clients.

If I install the updates and take no further action, what will be the impact?

Intially you will not be secure. There are additional actions an administrator needs to take that are outlined in the KB article.

Why do I need to follow the guidelines in how to manage the changes in Kerberos associated with CVE-2022-37967?

There is a risk of exploitation of the noted vulnerability if you don't take the required actions.

How does Microsoft plan to address this vulnerability?

To give administrators time to make corrections that prevent authentication failures, and to provide a choice on when to implement the enforcement, Microsoft is addressing this vulnerability in a phased rollout.

What is the timeline for this rollout?

Please refer to the planned enforcement timeline in the KB article.

How can I be notified when the further updates are available?

When each phase of Windows updates become available, customers will be notified via a revision to this security vulnerability. If you wish to be notified when these updates are released, we recommend that you register for the security notifications mailer to be alerted of content changes to this CVE. See Microsoft Technical Security Notifications and Security Update Guide Notification System News: Create your profile now – Microsoft Security Response Center.


I am running Windows Server 2022 Datacenter: Azure Edition (Server Core) but the hotpatch (Windows Server 2022 Datacenter: Azure Edition (Hotpatch)) for it is not listed in the Security Updates table. Is there an update that I can apply for this edition of Windows Server 2022?*

The update to address this vulnerability for Windows Server 2022 Datacenter: Azure Edition (Server Core) is not hotpatchable and is therefore not included in the November Hotpatch KB (5019080). Customers running Windows Server 2022 Datacenter: Azure Edition (Server Core) as a domain controller should install the update for Windows Server 2022 (5019081). This update will require a computer restart.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2022-11-08T08:00:00    

Information published.


 Critical Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation More Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-37967
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows Server 2008 for 32-bit Systems Service Pack 2 5020019 (Monthly Rollup)
5020005 (Security Only)		 Critical Elevation of Privilege 5018450
 Base: 7.2
Temporal: 6.3
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5020019 (Monthly Rollup)
5020005 (Security Only)		 Critical Elevation of Privilege 5018450
 Base: 7.2
Temporal: 6.3
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2008 for x64-based Systems Service Pack 2 5020019 (Monthly Rollup)
5020005 (Security Only)		 Critical Elevation of Privilege 5018450
 Base: 7.2
Temporal: 6.3
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5020019 (Monthly Rollup)
5020005 (Security Only)		 Critical Elevation of Privilege 5018450
 Base: 7.2
Temporal: 6.3
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5020000 (Monthly Rollup)
5020013 (Security Only)		 Critical Elevation of Privilege 5018454
 Base: 7.2
Temporal: 6.3
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5020000 (Monthly Rollup)
5020013 (Security Only)		 Critical Elevation of Privilege 5018454
 Base: 7.2
Temporal: 6.3
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2012 5020009 (Monthly Rollup)
5020003 (Security Only)		 Critical Elevation of Privilege 5018457
 Base: 7.2
Temporal: 6.3
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2012 (Server Core installation) 5020009 (Monthly Rollup)
5020003 (Security Only)		 Critical Elevation of Privilege 5018457
 Base: 7.2
Temporal: 6.3
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2012 R2 5020023 (Monthly Rollup)
5020010 (Security Only)		 Critical Elevation of Privilege 5018474
 Base: 7.2
Temporal: 6.3
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2012 R2 (Server Core installation) 5020023 (Monthly Rollup)
5020010 (Security Only)		 Critical Elevation of Privilege 5018474
 Base: 7.2
Temporal: 6.3
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2016 5019964 (Security Update) Critical Elevation of Privilege 5018411 Base: 7.2
Temporal: 6.3
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2016 (Server Core installation) 5019964 (Security Update) Critical Elevation of Privilege 5018411 Base: 7.2
Temporal: 6.3
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2019 5019966 (Security Update) Critical Elevation of Privilege 5018419
 Base: 7.2
Temporal: 6.3
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2019 (Server Core installation) 5019966 (Security Update) Critical Elevation of Privilege 5018419
 Base: 7.2
Temporal: 6.3
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2022 5019081 (Security Update) Critical Elevation of Privilege 5018421 Base: 7.2
Temporal: 6.3
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2022 (Server Core installation) 5019081 (Security Update) Critical Elevation of Privilege 5018421 Base: 7.2
Temporal: 6.3
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2022-37967 None

CVE-2022-38023 - Netlogon RPC Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-38023
MITRE
NVD		 CVE Title: Netlogon RPC Elevation of Privilege Vulnerability
CVSS:

CVSS:3.1 8.1/7.1
Base score metrics
Attack VectorNetwork
Attack ComplexityHigh
Privileges RequiredNone
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment of the targeted component.


Upon successful exploitation, what privileges could an attacker gain?

An attacker who successfully exploited this vulnerability could gain administrator privileges.


Where can I find more information about these changes?

For more information please see How to manage Netlogon Protocol changes related to CVE-2022-38023.


I am running Windows Server 2022 Datacenter: Azure Edition (Server Core) but the hotpatch (Windows Server 2022 Datacenter: Azure Edition (Hotpatch)) for it is not listed in the Security Updates table. Is there an update that I can apply for this edition of Windows Server 2022?*

The update to address this vulnerability for Windows Server 2022 Datacenter: Azure Edition (Server Core) is not hotpatchable and is therefore not included in the November Hotpatch KB (5019080). Customers running Windows Server 2022 Datacenter: Azure Edition (Server Core) as a domain controller should install the update for Windows Server 2022 (5019081). This update will require a computer restart.


How could an attacker exploit this vulnerability?

An authenticated attacker could leverage cryptographic protocol vulnerabilities in the Windows Netlogon protocol when RPC Signing is used instead of RPC Sealing. Where RPC Signing is used instead of RPC Sealing the attacker could gain control of the service and then might be able to modify Netlogon protocol traffic to elevate their privileges.


How does Microsoft plan to address this vulnerability?

To give administrators time to make corrections that prevent authentication failures, and to provide a choice on when to implement the enforcement, Microsoft is addressing this vulnerability in a phased rollout.

What is the timeline for this rollout?

Please refer to the planned enforcement timeline in the KB article: How to manage Netlogon Protocol changes related to CVE-2022-38023.

How can I be notified when the further updates are available?

When each phase of Windows updates become available, customers will be notified via a revision to this security vulnerability. If you wish to be notified when these updates are released, we recommend that you register for the security notifications mailer to be alerted of content changes to this CVE. See Microsoft Technical Security Notifications and Security Update Guide Notification System News: Create your profile now – Microsoft Security Response Center.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2022-11-08T08:00:00    

Information published.


 Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation More Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-38023
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows Server 2008 for 32-bit Systems Service Pack 2 5020019 (Monthly Rollup)
5020005 (Security Only)		 Important Elevation of Privilege 5018450
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5020019 (Monthly Rollup)
5020005 (Security Only)		 Important Elevation of Privilege 5018450
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2008 for x64-based Systems Service Pack 2 5020019 (Monthly Rollup)
5020005 (Security Only)		 Important Elevation of Privilege 5018450
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5020019 (Monthly Rollup)
5020005 (Security Only)		 Important Elevation of Privilege 5018450
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5020000 (Monthly Rollup)
5020013 (Security Only)		 Important Elevation of Privilege 5018454
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5020000 (Monthly Rollup)
5020013 (Security Only)		 Important Elevation of Privilege 5018454
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2012 5020009 (Monthly Rollup)
5020003 (Security Only)		 Important Elevation of Privilege 5018457
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2012 (Server Core installation) 5020009 (Monthly Rollup)
5020003 (Security Only)		 Important Elevation of Privilege 5018457
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2012 R2 5020023 (Monthly Rollup)
5020010 (Security Only)		 Important Elevation of Privilege 5018474
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2012 R2 (Server Core installation) 5020023 (Monthly Rollup)
5020010 (Security Only)		 Important Elevation of Privilege 5018474
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2016 5019964 (Security Update) Important Elevation of Privilege 5018411 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2016 (Server Core installation) 5019964 (Security Update) Important Elevation of Privilege 5018411 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2019 5019966 (Security Update) Important Elevation of Privilege 5018419
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2019 (Server Core installation) 5019966 (Security Update) Important Elevation of Privilege 5018419
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2022 5019081 (Security Update) Important Elevation of Privilege 5018421 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2022 (Server Core installation) 5019081 (Security Update) Important Elevation of Privilege 5018421 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2022-38023 None

CVE-2022-37992 - Windows Group Policy Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-37992
MITRE
NVD		 CVE Title: Windows Group Policy Elevation of Privilege Vulnerability
CVSS:

CVSS:3.1 7.8/6.8
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

What privileges could an attacker gain?

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2022-11-08T08:00:00    

Information published.


 Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-37992
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5019970 (Security Update) Important Elevation of Privilege 5018425 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 for x64-based Systems 5019970 (Security Update) Important Elevation of Privilege 5018425 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1607 for 32-bit Systems 5019964 (Security Update) Important Elevation of Privilege 5018411 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1607 for x64-based Systems 5019964 (Security Update) Important Elevation of Privilege 5018411 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1809 for 32-bit Systems 5019966 (Security Update) Important Elevation of Privilege 5018419
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1809 for ARM64-based Systems 5019966 (Security Update) Important Elevation of Privilege 5018419
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1809 for x64-based Systems 5019966 (Security Update) Important Elevation of Privilege 5018419
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 20H2 for 32-bit Systems 5019959 (Security Update) Important Elevation of Privilege
5018410		 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 20H2 for ARM64-based Systems 5019959 (Security Update) Important Elevation of Privilege
5018410		 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 20H2 for x64-based Systems 5019959 (Security Update) Important Elevation of Privilege
5018410		 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H1 for 32-bit Systems 5019959 (Security Update) Important Elevation of Privilege 5018410
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H1 for ARM64-based Systems 5019959 (Security Update) Important Elevation of Privilege 5018410
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H1 for x64-based Systems 5019959 (Security Update) Important Elevation of Privilege 5018410
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H2 for 32-bit Systems 5019959 (Security Update) Important Elevation of Privilege 5018410
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H2 for ARM64-based Systems 5019959 (Security Update) Important Elevation of Privilege
5018410		 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H2 for x64-based Systems 5019959 (Security Update) Important Elevation of Privilege
5018410		 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 22H2 for 32-bit Systems 5019959 (Security Update) Important Elevation of Privilege Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 22H2 for ARM64-based Systems 5019959 (Security Update) Important Elevation of Privilege Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 22H2 for x64-based Systems 5019959 (Security Update) Important Elevation of Privilege Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 11 for ARM64-based Systems 5019961 (Security Update) Important Elevation of Privilege 5018418 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 11 for x64-based Systems 5019961 (Security Update) Important Elevation of Privilege 5018418 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 11 Version 22H2 for ARM64-based Systems 5019980 (Security Update) Important Elevation of Privilege 5018427
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 11 Version 22H2 for x64-based Systems 5019980 (Security Update) Important Elevation of Privilege 5018427
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 7 for 32-bit Systems Service Pack 1 5020000 (Monthly Rollup)
5020013 (Security Only)		 Important Elevation of Privilege 5018454
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 7 for x64-based Systems Service Pack 1 5020000 (Monthly Rollup)
5020013 (Security Only)		 Important Elevation of Privilege 5018454
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 8.1 for 32-bit systems 5020023 (Monthly Rollup)
5020010 (Security Only)		 Important Elevation of Privilege 5018474
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 8.1 for x64-based systems 5020023 (Monthly Rollup)
5020010 (Security Only)		 Important Elevation of Privilege 5018474
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows RT 8.1 5020010 (Security Only) Important Elevation of Privilege Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 5020019 (Monthly Rollup)
5020005 (Security Only)		 Important Elevation of Privilege 5018450
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5020019 (Monthly Rollup)
5020005 (Security Only)		 Important Elevation of Privilege 5018450
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2008 for x64-based Systems Service Pack 2 5020019 (Monthly Rollup)
5020005 (Security Only)		 Important Elevation of Privilege 5018450
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5020019 (Monthly Rollup)
5020005 (Security Only)		 Important Elevation of Privilege 5018450
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5020000 (Monthly Rollup)
5020013 (Security Only)		 Important Elevation of Privilege 5018454
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5020000 (Monthly Rollup)
5020013 (Security Only)		 Important Elevation of Privilege 5018454
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2012 5020009 (Monthly Rollup)
5020003 (Security Only)		 Important Elevation of Privilege 5018457
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2012 (Server Core installation) 5020009 (Monthly Rollup)
5020003 (Security Only)		 Important Elevation of Privilege 5018457
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2012 R2 5020023 (Monthly Rollup)
5020010 (Security Only)		 Important Elevation of Privilege 5018474
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2012 R2 (Server Core installation) 5020023 (Monthly Rollup)
5020010 (Security Only)		 Important Elevation of Privilege 5018474
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2016 5019964 (Security Update) Important Elevation of Privilege 5018411 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2016 (Server Core installation) 5019964 (Security Update) Important Elevation of Privilege 5018411 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2019 5019966 (Security Update) Important Elevation of Privilege 5018419
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2019 (Server Core installation) 5019966 (Security Update) Important Elevation of Privilege 5018419
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2022 5019081 (Security Update) Important Elevation of Privilege 5018421 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2022 (Server Core installation) 5019081 (Security Update) Important Elevation of Privilege 5018421 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2022 Datacenter: Azure Edition (Hotpatch) 5019080 (Security Hotpatch Update) Important Elevation of Privilege 5016060 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2022-37992 somaro

CVE-2022-41039 - Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-41039
MITRE
NVD		 CVE Title: Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
CVSS:

CVSS:3.1 8.1/7.1
Base score metrics
Attack VectorNetwork
Attack ComplexityHigh
Privileges RequiredNone
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

Successful exploitation of this vulnerability requires an attacker to win a race condition.


How could an attacker exploit this vulnerability?

An unauthenticated attacker could send a specially crafted connection request to a RAS server, which could lead to remote code execution (RCE) on the RAS server machine.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2022-11-08T08:00:00    

Information published.


 Critical Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-41039
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5019970 (Security Update) Critical Remote Code Execution 5018425 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 for x64-based Systems 5019970 (Security Update) Critical Remote Code Execution 5018425 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1607 for 32-bit Systems 5019964 (Security Update) Critical Remote Code Execution 5018411 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1607 for x64-based Systems 5019964 (Security Update) Critical Remote Code Execution 5018411 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1809 for 32-bit Systems 5019966 (Security Update) Critical Remote Code Execution 5018419
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1809 for ARM64-based Systems 5019966 (Security Update) Critical Remote Code Execution 5018419
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1809 for x64-based Systems 5019966 (Security Update) Critical Remote Code Execution 5018419
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 20H2 for 32-bit Systems 5019959 (Security Update) Critical Remote Code Execution
5018410		 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 20H2 for ARM64-based Systems 5019959 (Security Update) Critical Remote Code Execution
5018410		 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 20H2 for x64-based Systems 5019959 (Security Update) Critical Remote Code Execution
5018410		 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H1 for 32-bit Systems 5019959 (Security Update) Critical Remote Code Execution 5018410
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H1 for ARM64-based Systems 5019959 (Security Update) Critical Remote Code Execution 5018410
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H1 for x64-based Systems 5019959 (Security Update) Critical Remote Code Execution 5018410
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H2 for 32-bit Systems 5019959 (Security Update) Critical Remote Code Execution 5018410
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H2 for ARM64-based Systems 5019959 (Security Update) Critical Remote Code Execution
5018410		 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H2 for x64-based Systems 5019959 (Security Update) Critical Remote Code Execution
5018410		 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 22H2 for 32-bit Systems 5019959 (Security Update) Critical Remote Code Execution Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 22H2 for ARM64-based Systems 5019959 (Security Update) Critical Remote Code Execution Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 22H2 for x64-based Systems 5019959 (Security Update) Critical Remote Code Execution Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 11 for ARM64-based Systems 5019961 (Security Update) Critical Remote Code Execution 5018418 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 11 for x64-based Systems 5019961 (Security Update) Critical Remote Code Execution 5018418 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 11 Version 22H2 for ARM64-based Systems 5019980 (Security Update) Critical Remote Code Execution 5018427
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 11 Version 22H2 for x64-based Systems 5019980 (Security Update) Critical Remote Code Execution 5018427
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 7 for 32-bit Systems Service Pack 1 5020000 (Monthly Rollup)
5020013 (Security Only)		 Critical Remote Code Execution 5018454
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 7 for x64-based Systems Service Pack 1 5020000 (Monthly Rollup)
5020013 (Security Only)		 Critical Remote Code Execution 5018454
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 8.1 for 32-bit systems 5020023 (Monthly Rollup)
5020010 (Security Only)		 Critical Remote Code Execution 5018474
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 8.1 for x64-based systems 5020023 (Monthly Rollup)
5020010 (Security Only)		 Critical Remote Code Execution 5018474
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows RT 8.1 5020010 (Security Only) Critical Remote Code Execution Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5020000 (Monthly Rollup)
5020013 (Security Only)		 Critical Remote Code Execution 5018454
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5020000 (Monthly Rollup)
5020013 (Security Only)		 Critical Remote Code Execution 5018454
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2012 5020009 (Monthly Rollup)
5020003 (Security Only)		 Critical Remote Code Execution 5018457
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2012 (Server Core installation) 5020009 (Monthly Rollup)
5020003 (Security Only)		 Critical Remote Code Execution 5018457
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2012 R2 5020023 (Monthly Rollup)
5020010 (Security Only)		 Critical Remote Code Execution 5018474
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2012 R2 (Server Core installation) 5020023 (Monthly Rollup)
5020010 (Security Only)		 Critical Remote Code Execution 5018474
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2016 5019964 (Security Update) Critical Remote Code Execution 5018411 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2016 (Server Core installation) 5019964 (Security Update) Critical Remote Code Execution 5018411 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2019 5019966 (Security Update) Critical Remote Code Execution 5018419
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2019 (Server Core installation) 5019966 (Security Update) Critical Remote Code Execution 5018419
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2022 5019081 (Security Update) Critical Remote Code Execution 5018421 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2022 (Server Core installation) 5019081 (Security Update) Critical Remote Code Execution 5018421 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2022 Datacenter: Azure Edition (Hotpatch) 5019080 (Security Hotpatch Update) Critical Remote Code Execution 5016060 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2022-41039 Yuki Chen with Cyber KunLun


Jarvis_1oop of vulnerability research institute

CVE-2022-41086 - Windows Group Policy Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-41086
MITRE
NVD		 CVE Title: Windows Group Policy Elevation of Privilege Vulnerability
CVSS:

CVSS:3.1 6.4/5.6
Base score metrics
Attack VectorLocal
Attack ComplexityHigh
Privileges RequiredHigh
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

Successful exploitation of this vulnerability requires an attacker to win a race condition.


According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability?

Successful exploitation of this vulnerability requires the attacker to have privileges to create Group Policy Templates. As is best practice, regular validation and audits of administrative groups should be conducted.


Upon successful exploitation, what privileges could an attacker gain?

An attacker who successfully exploited this vulnerability could gain domain administrator privileges.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2022-11-08T08:00:00    

Information published.


 Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-41086
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5019970 (Security Update) Important Elevation of Privilege 5018425 Base: 6.4
Temporal: 5.6
Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 for x64-based Systems 5019970 (Security Update) Important Elevation of Privilege 5018425 Base: 6.4
Temporal: 5.6
Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1607 for 32-bit Systems 5019964 (Security Update) Important Elevation of Privilege 5018411 Base: 6.4
Temporal: 5.6
Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1607 for x64-based Systems 5019964 (Security Update) Important Elevation of Privilege 5018411 Base: 6.4
Temporal: 5.6
Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1809 for 32-bit Systems 5019966 (Security Update) Important Elevation of Privilege 5018419
 Base: 6.4
Temporal: 5.6
Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1809 for ARM64-based Systems 5019966 (Security Update) Important Elevation of Privilege 5018419
 Base: 6.4
Temporal: 5.6
Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1809 for x64-based Systems 5019966 (Security Update) Important Elevation of Privilege 5018419
 Base: 6.4
Temporal: 5.6
Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 20H2 for 32-bit Systems 5019959 (Security Update) Important Elevation of Privilege
5018410		 Base: 6.4
Temporal: 5.6
Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 20H2 for ARM64-based Systems 5019959 (Security Update) Important Elevation of Privilege
5018410		 Base: 6.4
Temporal: 5.6
Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 20H2 for x64-based Systems 5019959 (Security Update) Important Elevation of Privilege
5018410		 Base: 6.4
Temporal: 5.6
Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H1 for 32-bit Systems 5019959 (Security Update) Important Elevation of Privilege 5018410
 Base: 6.4
Temporal: 5.6
Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H1 for ARM64-based Systems 5019959 (Security Update) Important Elevation of Privilege 5018410
 Base: 6.4
Temporal: 5.6
Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H1 for x64-based Systems 5019959 (Security Update) Important Elevation of Privilege 5018410
 Base: 6.4
Temporal: 5.6
Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H2 for 32-bit Systems 5019959 (Security Update) Important Elevation of Privilege 5018410
 Base: 6.4
Temporal: 5.6
Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H2 for ARM64-based Systems 5019959 (Security Update) Important Elevation of Privilege
5018410		 Base: 6.4
Temporal: 5.6
Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H2 for x64-based Systems 5019959 (Security Update) Important Elevation of Privilege
5018410		 Base: 6.4
Temporal: 5.6
Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 22H2 for 32-bit Systems 5019959 (Security Update) Important Elevation of Privilege Base: 6.4
Temporal: 5.6
Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 22H2 for ARM64-based Systems 5019959 (Security Update) Important Elevation of Privilege Base: 6.4
Temporal: 5.6
Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 22H2 for x64-based Systems 5019959 (Security Update) Important Elevation of Privilege Base: 6.4
Temporal: 5.6
Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 11 for ARM64-based Systems 5019961 (Security Update) Important Elevation of Privilege 5018418 Base: 6.4
Temporal: 5.6
Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 11 for x64-based Systems 5019961 (Security Update) Important Elevation of Privilege 5018418 Base: 6.4
Temporal: 5.6
Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 11 Version 22H2 for ARM64-based Systems 5019980 (Security Update) Important Elevation of Privilege 5018427
 Base: 6.4
Temporal: 5.6
Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 11 Version 22H2 for x64-based Systems 5019980 (Security Update) Important Elevation of Privilege 5018427
 Base: 6.4
Temporal: 5.6
Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 7 for 32-bit Systems Service Pack 1 5020000 (Monthly Rollup)
5020013 (Security Only)		 Important Elevation of Privilege 5018454
 Base: 6.4
Temporal: 5.6
Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 7 for x64-based Systems Service Pack 1 5020000 (Monthly Rollup)
5020013 (Security Only)		 Important Elevation of Privilege 5018454
 Base: 6.4
Temporal: 5.6
Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 8.1 for 32-bit systems 5020023 (Monthly Rollup)
5020010 (Security Only)		 Important Elevation of Privilege 5018474
 Base: 6.4
Temporal: 5.6
Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 8.1 for x64-based systems 5020023 (Monthly Rollup)
5020010 (Security Only)		 Important Elevation of Privilege 5018474
 Base: 6.4
Temporal: 5.6
Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows RT 8.1 5020010 (Security Only) Important Elevation of Privilege Base: 6.4
Temporal: 5.6
Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 5020019 (Monthly Rollup)
5020005 (Security Only)		 Important Elevation of Privilege 5018450
 Base: 6.4
Temporal: 5.6
Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5020019 (Monthly Rollup)
5020005 (Security Only)		 Important Elevation of Privilege 5018450
 Base: 6.4
Temporal: 5.6
Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2008 for x64-based Systems Service Pack 2 5020019 (Monthly Rollup)
5020005 (Security Only)		 Important Elevation of Privilege 5018450
 Base: 6.4
Temporal: 5.6
Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5020019 (Monthly Rollup)
5020005 (Security Only)		 Important Elevation of Privilege 5018450
 Base: 6.4
Temporal: 5.6
Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5020000 (Monthly Rollup)
5020013 (Security Only)		 Important Elevation of Privilege 5018454
 Base: 6.4
Temporal: 5.6
Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5020000 (Monthly Rollup)
5020013 (Security Only)		 Important Elevation of Privilege 5018454
 Base: 6.4
Temporal: 5.6
Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2012 5020009 (Monthly Rollup)
5020003 (Security Only)		 Important Elevation of Privilege 5018457
 Base: 6.4
Temporal: 5.6
Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2012 (Server Core installation) 5020009 (Monthly Rollup)
5020003 (Security Only)		 Important Elevation of Privilege 5018457
 Base: 6.4
Temporal: 5.6
Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2012 R2 5020023 (Monthly Rollup)
5020010 (Security Only)		 Important Elevation of Privilege 5018474
 Base: 6.4
Temporal: 5.6
Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2012 R2 (Server Core installation) 5020023 (Monthly Rollup)
5020010 (Security Only)		 Important Elevation of Privilege 5018474
 Base: 6.4
Temporal: 5.6
Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2016 5019964 (Security Update) Important Elevation of Privilege 5018411 Base: 6.4
Temporal: 5.6
Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2016 (Server Core installation) 5019964 (Security Update) Important Elevation of Privilege 5018411 Base: 6.4
Temporal: 5.6
Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2019 5019966 (Security Update) Important Elevation of Privilege 5018419
 Base: 6.4
Temporal: 5.6
Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2019 (Server Core installation) 5019966 (Security Update) Important Elevation of Privilege 5018419
 Base: 6.4
Temporal: 5.6
Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2022 5019081 (Security Update) Important Elevation of Privilege 5018421 Base: 6.4
Temporal: 5.6
Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2022 (Server Core installation) 5019081 (Security Update) Important Elevation of Privilege 5018421 Base: 6.4
Temporal: 5.6
Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2022 Datacenter: Azure Edition (Hotpatch) 5019080 (Security Hotpatch Update) Important Elevation of Privilege 5016060 Base: 6.4
Temporal: 5.6
Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2022-41086 Matthieu Buffet

CVE-2022-41044 - Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-41044
MITRE
NVD		 CVE Title: Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
CVSS:

CVSS:3.1 8.1/7.1
Base score metrics
Attack VectorNetwork
Attack ComplexityHigh
Privileges RequiredNone
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

Successful exploitation of this vulnerability requires an attacker to win a race condition.


How could an attacker exploit this vulnerability?

An unauthenticated attacker could send a specially crafted connection request to a RAS server, which could lead to remote code execution (RCE) on the RAS server machine.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2022-11-08T08:00:00    

Information published.


 Critical Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-41044
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 7 for 32-bit Systems Service Pack 1 5020000 (Monthly Rollup)
5020013 (Security Only)		 Critical Remote Code Execution 5018454
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 7 for x64-based Systems Service Pack 1 5020000 (Monthly Rollup)
5020013 (Security Only)		 Critical Remote Code Execution 5018454
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 5020019 (Monthly Rollup)
5020005 (Security Only)		 Critical Remote Code Execution 5018450
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5020019 (Monthly Rollup)
5020005 (Security Only)		 Critical Remote Code Execution 5018450
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2008 for x64-based Systems Service Pack 2 5020019 (Monthly Rollup)
5020005 (Security Only)		 Critical Remote Code Execution 5018450
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5020019 (Monthly Rollup)
5020005 (Security Only)		 Critical Remote Code Execution 5018450
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5020000 (Monthly Rollup)
5020013 (Security Only)		 Critical Remote Code Execution 5018454
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5020000 (Monthly Rollup)
5020013 (Security Only)		 Critical Remote Code Execution 5018454
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2022-41044 Microsoft's Windows Servicing and Delivery Group - Network Security and Containers (NSC) Team

CVE-2022-39253 - GitHub: CVE-2022-39253 Local clone optimization dereferences symbolic links by default

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-39253
MITRE
NVD		 CVE Title: GitHub: CVE-2022-39253 Local clone optimization dereferences symbolic links by default
CVSS:
None
FAQ:

What type of information could be disclosed by this vulnerability?

The type of information that could be disclosed if an attacker successfully exploited this vulnerability is sensitive information.


According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?

Successful exploitation of this vulnerability requires a malicious actor to convince a victim to close a repository with a symbolic link pointing to sensitive information on a victim's machine.


Why is this GitHub CVE included in the Security Update Guide?

The vulnerability assigned to this CVE is in Git for Windows software which is consumed by Microsoft Visual Studio. It is being documented in the Security Update Guide to announce that the latest builds of Visual Studio are no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.

For more information see: Local clone optimization dereferences symbolic links by default.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2022-11-08T08:00:00    

Information published.


 Important Information Disclosure

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-39253
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) Release Notes (Security Update) Important Information Disclosure None Base: N/A
Temporal: N/A
Vector: N/A
 Maybe
Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) Release Notes (Security Update) Important Information Disclosure None Base: N/A
Temporal: N/A
Vector: N/A
 Maybe
Microsoft Visual Studio 2022 version 17.0 Release Notes (Security Update) Important Information Disclosure None Base: N/A
Temporal: N/A
Vector: N/A
 Maybe
Microsoft Visual Studio 2022 version 17.2 Release Notes (Security Update) Important Information Disclosure None Base: N/A
Temporal: N/A
Vector: N/A
 Maybe
Microsoft Visual Studio 2022 version 17.3 Release Notes (Security Update) Important Information Disclosure None Base: N/A
Temporal: N/A
Vector: N/A
 Maybe

Acknowledgements

CVE ID Acknowledgements
CVE-2022-39253 None

CVE-2022-41088 - Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-41088
MITRE
NVD		 CVE Title: Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
CVSS:

CVSS:3.1 8.1/7.1
Base score metrics
Attack VectorNetwork
Attack ComplexityHigh
Privileges RequiredNone
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

Successful exploitation of this vulnerability requires an attacker to win a race condition.


How could an attacker exploit the vulnerability?

To exploit this vulnerability, an attacker would need to send a specially crafted malicious PPTP packet to a PPTP server. This could result in remote code execution on the server side.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2022-11-08T08:00:00    

Information published.


 Critical Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-41088
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5019970 (Security Update) Critical Remote Code Execution 5018425 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 for x64-based Systems 5019970 (Security Update) Critical Remote Code Execution 5018425 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1607 for 32-bit Systems 5019964 (Security Update) Critical Remote Code Execution 5018411 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1607 for x64-based Systems 5019964 (Security Update) Critical Remote Code Execution 5018411 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1809 for 32-bit Systems 5019966 (Security Update) Critical Remote Code Execution 5018419
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1809 for ARM64-based Systems 5019966 (Security Update) Critical Remote Code Execution 5018419
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1809 for x64-based Systems 5019966 (Security Update) Critical Remote Code Execution 5018419
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 20H2 for 32-bit Systems 5019959 (Security Update) Critical Remote Code Execution
5018410		 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 20H2 for ARM64-based Systems 5019959 (Security Update) Critical Remote Code Execution
5018410		 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 20H2 for x64-based Systems 5019959 (Security Update) Critical Remote Code Execution
5018410		 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H1 for 32-bit Systems 5019959 (Security Update) Critical Remote Code Execution 5018410
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H1 for ARM64-based Systems 5019959 (Security Update) Critical Remote Code Execution 5018410
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H1 for x64-based Systems 5019959 (Security Update) Critical Remote Code Execution 5018410
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H2 for 32-bit Systems 5019959 (Security Update) Critical Remote Code Execution 5018410
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H2 for ARM64-based Systems 5019959 (Security Update) Critical Remote Code Execution
5018410		 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H2 for x64-based Systems 5019959 (Security Update) Critical Remote Code Execution
5018410		 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 22H2 for 32-bit Systems 5019959 (Security Update) Critical Remote Code Execution Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 22H2 for ARM64-based Systems 5019959 (Security Update) Critical Remote Code Execution Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 22H2 for x64-based Systems 5019959 (Security Update) Critical Remote Code Execution Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 11 for ARM64-based Systems 5019961 (Security Update) Critical Remote Code Execution 5018418 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 11 for x64-based Systems 5019961 (Security Update) Critical Remote Code Execution 5018418 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 11 Version 22H2 for ARM64-based Systems 5019980 (Security Update) Critical Remote Code Execution 5018427
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 11 Version 22H2 for x64-based Systems 5019980 (Security Update) Critical Remote Code Execution 5018427
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 8.1 for 32-bit systems 5020023 (Monthly Rollup)
5020010 (Security Only)		 Critical Remote Code Execution 5018474
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 8.1 for x64-based systems 5020023 (Monthly Rollup)
5020010 (Security Only)		 Critical Remote Code Execution 5018474
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows RT 8.1 5020010 (Security Only) Critical Remote Code Execution Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2012 5020009 (Monthly Rollup)
5020003 (Security Only)		 Critical Remote Code Execution 5018457
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2012 (Server Core installation) 5020009 (Monthly Rollup)
5020003 (Security Only)		 Critical Remote Code Execution 5018457
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2012 R2 5020023 (Monthly Rollup)
5020010 (Security Only)		 Critical Remote Code Execution 5018474
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2012 R2 (Server Core installation) 5020023 (Monthly Rollup)
5020010 (Security Only)		 Critical Remote Code Execution 5018474
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2016 5019964 (Security Update) Critical Remote Code Execution 5018411 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2016 (Server Core installation) 5019964 (Security Update) Critical Remote Code Execution 5018411 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2019 5019966 (Security Update) Critical Remote Code Execution 5018419
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2019 (Server Core installation) 5019966 (Security Update) Critical Remote Code Execution 5018419
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2022 5019081 (Security Update) Critical Remote Code Execution 5018421 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2022 (Server Core installation) 5019081 (Security Update) Critical Remote Code Execution 5018421 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2022 Datacenter: Azure Edition (Hotpatch) 5019080 (Security Hotpatch Update) Critical Remote Code Execution 5016060 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2022-41088 Yuki Chen with Cyber KunLun

CVE-2022-41045 - Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-41045
MITRE
NVD		 CVE Title: Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability
CVSS:

CVSS:3.1 7.8/6.8
Base score metrics
Attack VectorLocal
Attack ComplexityHigh
Privileges RequiredLow
User InteractionNone
ScopeChanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

Successful exploitation of this vulnerability requires an attacker to win a race condition.


What privileges could an attacker gain?

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.


According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?

This vulnerability could lead to a contained execution environment escape. Please refer to AppContainer Isolation for more information.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2022-11-08T08:00:00    

Information published.


 Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-41045
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5019970 (Security Update) Important Elevation of Privilege 5018425 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 for x64-based Systems 5019970 (Security Update) Important Elevation of Privilege 5018425 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1607 for 32-bit Systems 5019964 (Security Update) Important Elevation of Privilege 5018411 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1607 for x64-based Systems 5019964 (Security Update) Important Elevation of Privilege 5018411 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1809 for 32-bit Systems 5019966 (Security Update) Important Elevation of Privilege 5018419
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1809 for ARM64-based Systems 5019966 (Security Update) Important Elevation of Privilege 5018419
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1809 for x64-based Systems 5019966 (Security Update) Important Elevation of Privilege 5018419
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 20H2 for 32-bit Systems 5019959 (Security Update) Important Elevation of Privilege
5018410		 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 20H2 for ARM64-based Systems 5019959 (Security Update) Important Elevation of Privilege
5018410		 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 20H2 for x64-based Systems 5019959 (Security Update) Important Elevation of Privilege
5018410		 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H1 for 32-bit Systems 5019959 (Security Update) Important Elevation of Privilege 5018410
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H1 for ARM64-based Systems 5019959 (Security Update) Important Elevation of Privilege 5018410
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H1 for x64-based Systems 5019959 (Security Update) Important Elevation of Privilege 5018410
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H2 for 32-bit Systems 5019959 (Security Update) Important Elevation of Privilege 5018410
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H2 for ARM64-based Systems 5019959 (Security Update) Important Elevation of Privilege
5018410		 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H2 for x64-based Systems 5019959 (Security Update) Important Elevation of Privilege
5018410		 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 22H2 for 32-bit Systems 5019959 (Security Update) Important Elevation of Privilege Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 22H2 for ARM64-based Systems 5019959 (Security Update) Important Elevation of Privilege Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 22H2 for x64-based Systems 5019959 (Security Update) Important Elevation of Privilege Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 11 for ARM64-based Systems 5019961 (Security Update) Important Elevation of Privilege 5018418 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 11 for x64-based Systems 5019961 (Security Update) Important Elevation of Privilege 5018418 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 11 Version 22H2 for ARM64-based Systems 5019980 (Security Update) Important Elevation of Privilege 5018427
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 11 Version 22H2 for x64-based Systems 5019980 (Security Update) Important Elevation of Privilege 5018427
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 7 for 32-bit Systems Service Pack 1 5020000 (Monthly Rollup)
5020013 (Security Only)		 Important Elevation of Privilege 5018454
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 7 for x64-based Systems Service Pack 1 5020000 (Monthly Rollup)
5020013 (Security Only)		 Important Elevation of Privilege 5018454
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 8.1 for 32-bit systems 5020023 (Monthly Rollup)
5020010 (Security Only)		 Important Elevation of Privilege 5018474
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 8.1 for x64-based systems 5020023 (Monthly Rollup)
5020010 (Security Only)		 Important Elevation of Privilege 5018474
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows RT 8.1 5020010 (Security Only) Important Elevation of Privilege Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 5020019 (Monthly Rollup)
5020005 (Security Only)		 Important Elevation of Privilege 5018450
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5020019 (Monthly Rollup)
5020005 (Security Only)		 Important Elevation of Privilege 5018450
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2008 for x64-based Systems Service Pack 2 5020019 (Monthly Rollup)
5020005 (Security Only)		 Important Elevation of Privilege 5018450
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5020019 (Monthly Rollup)
5020005 (Security Only)		 Important Elevation of Privilege 5018450
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5020000 (Monthly Rollup)
5020013 (Security Only)		 Important Elevation of Privilege 5018454
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5020000 (Monthly Rollup)
5020013 (Security Only)		 Important Elevation of Privilege 5018454
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2012 5020009 (Monthly Rollup)
5020003 (Security Only)		 Important Elevation of Privilege 5018457
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2012 (Server Core installation) 5020009 (Monthly Rollup)
5020003 (Security Only)		 Important Elevation of Privilege 5018457
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2012 R2 5020023 (Monthly Rollup)
5020010 (Security Only)		 Important Elevation of Privilege 5018474
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2012 R2 (Server Core installation) 5020023 (Monthly Rollup)
5020010 (Security Only)		 Important Elevation of Privilege 5018474
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2016 5019964 (Security Update) Important Elevation of Privilege 5018411 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2016 (Server Core installation) 5019964 (Security Update) Important Elevation of Privilege 5018411 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2019 5019966 (Security Update) Important Elevation of Privilege 5018419
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2019 (Server Core installation) 5019966 (Security Update) Important Elevation of Privilege 5018419
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2022 5019081 (Security Update) Important Elevation of Privilege 5018421 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2022 (Server Core installation) 5019081 (Security Update) Important Elevation of Privilege 5018421 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2022 Datacenter: Azure Edition (Hotpatch) 5019080 (Security Hotpatch Update) Important Elevation of Privilege 5016060 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2022-41045 Jarvis_1oop of vulnerability research institute

CVE-2022-41090 - Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-41090
MITRE
NVD		 CVE Title: Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerability
CVSS:

CVSS:3.1 5.9/5.2
Base score metrics
Attack VectorNetwork
Attack ComplexityHigh
Privileges RequiredNone
User InteractionNone
ScopeUnchanged
ConfidentialityNone
IntegrityNone
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

Successful exploitation of this vulnerability requires an attacker to win a race condition.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2022-11-08T08:00:00    

Information published.


 Important Denial of Service

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation More Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-41090
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5019970 (Security Update) Important Denial of Service 5018425 Base: 5.9
Temporal: 5.2
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 for x64-based Systems 5019970 (Security Update) Important Denial of Service 5018425 Base: 5.9
Temporal: 5.2
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1607 for 32-bit Systems 5019964 (Security Update) Important Denial of Service 5018411 Base: 5.9
Temporal: 5.2
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1607 for x64-based Systems 5019964 (Security Update) Important Denial of Service 5018411 Base: 5.9
Temporal: 5.2
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1809 for 32-bit Systems 5019966 (Security Update) Important Denial of Service 5018419
 Base: 5.9
Temporal: 5.2
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1809 for ARM64-based Systems 5019966 (Security Update) Important Denial of Service 5018419
 Base: 5.9
Temporal: 5.2
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1809 for x64-based Systems 5019966 (Security Update) Important Denial of Service 5018419
 Base: 5.9
Temporal: 5.2
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 20H2 for 32-bit Systems 5019959 (Security Update) Important Denial of Service
5018410		 Base: 5.9
Temporal: 5.2
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 20H2 for ARM64-based Systems 5019959 (Security Update) Important Denial of Service
5018410		 Base: 5.9
Temporal: 5.2
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 20H2 for x64-based Systems 5019959 (Security Update) Important Denial of Service
5018410		 Base: 5.9
Temporal: 5.2
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H1 for 32-bit Systems 5019959 (Security Update) Important Denial of Service 5018410
 Base: 5.9
Temporal: 5.2
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H1 for ARM64-based Systems 5019959 (Security Update) Important Denial of Service 5018410
 Base: 5.9
Temporal: 5.2
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H1 for x64-based Systems 5019959 (Security Update) Important Denial of Service 5018410
 Base: 5.9
Temporal: 5.2
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H2 for 32-bit Systems 5019959 (Security Update) Important Denial of Service 5018410
 Base: 5.9
Temporal: 5.2
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H2 for ARM64-based Systems 5019959 (Security Update) Important Denial of Service
5018410		 Base: 5.9
Temporal: 5.2
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H2 for x64-based Systems 5019959 (Security Update) Important Denial of Service
5018410		 Base: 5.9
Temporal: 5.2
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 22H2 for 32-bit Systems 5019959 (Security Update) Important Denial of Service Base: 5.9
Temporal: 5.2
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 22H2 for ARM64-based Systems 5019959 (Security Update) Important Denial of Service Base: 5.9
Temporal: 5.2
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 22H2 for x64-based Systems 5019959 (Security Update) Important Denial of Service Base: 5.9
Temporal: 5.2
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 11 for ARM64-based Systems 5019961 (Security Update) Important Denial of Service 5018418 Base: 5.9
Temporal: 5.2
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 11 for x64-based Systems 5019961 (Security Update) Important Denial of Service 5018418 Base: 5.9
Temporal: 5.2
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 11 Version 22H2 for ARM64-based Systems 5019980 (Security Update) Important Denial of Service 5018427
 Base: 5.9
Temporal: 5.2
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 11 Version 22H2 for x64-based Systems 5019980 (Security Update) Important Denial of Service 5018427
 Base: 5.9
Temporal: 5.2
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 7 for 32-bit Systems Service Pack 1 5020000 (Monthly Rollup)
5020013 (Security Only)		 Important Denial of Service 5018454
 Base: 5.9
Temporal: 5.2
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 7 for x64-based Systems Service Pack 1 5020000 (Monthly Rollup)
5020013 (Security Only)		 Important Denial of Service 5018454
 Base: 5.9
Temporal: 5.2
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 8.1 for 32-bit systems 5020023 (Monthly Rollup)
5020010 (Security Only)		 Important Denial of Service 5018474
 Base: 5.9
Temporal: 5.2
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 8.1 for x64-based systems 5020023 (Monthly Rollup)
5020010 (Security Only)		 Important Denial of Service 5018474
 Base: 5.9
Temporal: 5.2
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows RT 8.1 5020010 (Security Only) Important Denial of Service Base: 5.9
Temporal: 5.2
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5020000 (Monthly Rollup)
5020013 (Security Only)		 Important Denial of Service 5018454
 Base: 5.9
Temporal: 5.2
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5020000 (Monthly Rollup)
5020013 (Security Only)		 Important Denial of Service 5018454
 Base: 5.9
Temporal: 5.2
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2012 5020009 (Monthly Rollup)
5020003 (Security Only)		 Important Denial of Service 5018457
 Base: 5.9
Temporal: 5.2
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2012 (Server Core installation) 5020009 (Monthly Rollup)
5020003 (Security Only)		 Important Denial of Service 5018457
 Base: 5.9
Temporal: 5.2
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2012 R2 5020023 (Monthly Rollup)
5020010 (Security Only)		 Important Denial of Service 5018474
 Base: 5.9
Temporal: 5.2
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2012 R2 (Server Core installation) 5020023 (Monthly Rollup)
5020010 (Security Only)		 Important Denial of Service 5018474
 Base: 5.9
Temporal: 5.2
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2016 5019964 (Security Update) Important Denial of Service 5018411 Base: 5.9
Temporal: 5.2
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2016 (Server Core installation) 5019964 (Security Update) Important Denial of Service 5018411 Base: 5.9
Temporal: 5.2
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2019 5019966 (Security Update) Important Denial of Service 5018419
 Base: 5.9
Temporal: 5.2
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2019 (Server Core installation) 5019966 (Security Update) Important Denial of Service 5018419
 Base: 5.9
Temporal: 5.2
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2022 5019081 (Security Update) Important Denial of Service 5018421 Base: 5.9
Temporal: 5.2
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2022 (Server Core installation) 5019081 (Security Update) Important Denial of Service 5018421 Base: 5.9
Temporal: 5.2
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2022 Datacenter: Azure Edition (Hotpatch) 5019080 (Security Hotpatch Update) Important Denial of Service 5016060 Base: 5.9
Temporal: 5.2
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2022-41090 Yuki Chen with Cyber KunLun

CVE-2022-41047 - Microsoft ODBC Driver Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-41047
MITRE
NVD		 CVE Title: Microsoft ODBC Driver Remote Code Execution Vulnerability
CVSS:

CVSS:3.1 8.8/7.7
Base score metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredNone
User InteractionRequired
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

How could an attacker exploit this vulnerability?

An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via ODBC, which could result in the server receiving a malicious networking packet. This could allow the attacker to execute code remotely on the client.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2022-11-08T08:00:00    

Information published.


 Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-41047
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5019970 (Security Update) Important Remote Code Execution 5018425 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 for x64-based Systems 5019970 (Security Update) Important Remote Code Execution 5018425 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1607 for 32-bit Systems 5019964 (Security Update) Important Remote Code Execution 5018411 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1607 for x64-based Systems 5019964 (Security Update) Important Remote Code Execution 5018411 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1809 for 32-bit Systems 5019966 (Security Update) Important Remote Code Execution 5018419
 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1809 for ARM64-based Systems 5019966 (Security Update) Important Remote Code Execution 5018419
 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1809 for x64-based Systems 5019966 (Security Update) Important Remote Code Execution 5018419
 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 20H2 for 32-bit Systems 5019959 (Security Update) Important Remote Code Execution
5018410		 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 20H2 for ARM64-based Systems 5019959 (Security Update) Important Remote Code Execution
5018410		 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 20H2 for x64-based Systems 5019959 (Security Update) Important Remote Code Execution
5018410		 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H1 for 32-bit Systems 5019959 (Security Update) Important Remote Code Execution 5018410
 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H1 for ARM64-based Systems 5019959 (Security Update) Important Remote Code Execution 5018410
 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H1 for x64-based Systems 5019959 (Security Update) Important Remote Code Execution 5018410
 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H2 for 32-bit Systems 5019959 (Security Update) Important Remote Code Execution 5018410
 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H2 for ARM64-based Systems 5019959 (Security Update) Important Remote Code Execution
5018410		 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H2 for x64-based Systems 5019959 (Security Update) Important Remote Code Execution
5018410		 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 22H2 for 32-bit Systems 5019959 (Security Update) Important Remote Code Execution Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 22H2 for ARM64-based Systems 5019959 (Security Update) Important Remote Code Execution Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 22H2 for x64-based Systems 5019959 (Security Update) Important Remote Code Execution Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 11 for ARM64-based Systems 5019961 (Security Update) Important Remote Code Execution 5018418 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 11 for x64-based Systems 5019961 (Security Update) Important Remote Code Execution 5018418 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 11 Version 22H2 for ARM64-based Systems 5019980 (Security Update) Important Remote Code Execution 5018427
 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 11 Version 22H2 for x64-based Systems 5019980 (Security Update) Important Remote Code Execution 5018427
 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 7 for 32-bit Systems Service Pack 1 5020000 (Monthly Rollup)
5020013 (Security Only)		 Important Remote Code Execution 5018454
 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 7 for x64-based Systems Service Pack 1 5020000 (Monthly Rollup)
5020013 (Security Only)		 Important Remote Code Execution 5018454
 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 8.1 for 32-bit systems 5020023 (Monthly Rollup)
5020010 (Security Only)		 Important Remote Code Execution 5018474
 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 8.1 for x64-based systems 5020023 (Monthly Rollup)
5020010 (Security Only)		 Important Remote Code Execution 5018474
 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows RT 8.1 5020010 (Security Only) Important Remote Code Execution Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 5020019 (Monthly Rollup)
5020005 (Security Only)		 Important Remote Code Execution 5018450
 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5020019 (Monthly Rollup)
5020005 (Security Only)		 Important Remote Code Execution 5018450
 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2008 for x64-based Systems Service Pack 2 5020019 (Monthly Rollup)
5020005 (Security Only)		 Important Remote Code Execution 5018450
 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5020019 (Monthly Rollup)
5020005 (Security Only)		 Important Remote Code Execution 5018450
 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5020000 (Monthly Rollup)
5020013 (Security Only)		 Important Remote Code Execution 5018454
 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5020000 (Monthly Rollup)
5020013 (Security Only)		 Important Remote Code Execution 5018454
 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2012 5020009 (Monthly Rollup)
5020003 (Security Only)		 Important Remote Code Execution 5018457
 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2012 (Server Core installation) 5020009 (Monthly Rollup)
5020003 (Security Only)		 Important Remote Code Execution 5018457
 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2012 R2 5020023 (Monthly Rollup)
5020010 (Security Only)		 Important Remote Code Execution 5018474
 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2012 R2 (Server Core installation) 5020023 (Monthly Rollup)
5020010 (Security Only)		 Important Remote Code Execution 5018474
 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2016 5019964 (Security Update) Important Remote Code Execution 5018411 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2016 (Server Core installation) 5019964 (Security Update) Important Remote Code Execution 5018411 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2019 5019966 (Security Update) Important Remote Code Execution 5018419
 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2019 (Server Core installation) 5019966 (Security Update) Important Remote Code Execution 5018419
 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2022 5019081 (Security Update) Important Remote Code Execution 5018421 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2022 (Server Core installation) 5019081 (Security Update) Important Remote Code Execution 5018421 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2022 Datacenter: Azure Edition (Hotpatch) 5019080 (Security Hotpatch Update) Important Remote Code Execution 5016060 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2022-41047 Haifei Li with CyberKL Kunlun Lab

CVE-2022-41048 - Microsoft ODBC Driver Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-41048
MITRE
NVD		 CVE Title: Microsoft ODBC Driver Remote Code Execution Vulnerability
CVSS:

CVSS:3.1 8.8/7.7
Base score metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredNone
User InteractionRequired
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

How could an attacker exploit this vulnerability?

An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via ODBC, which could result in the server receiving a malicious networking packet. This could allow the attacker to execute code remotely on the client.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2022-11-08T08:00:00    

Information published.


 Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-41048
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5019970 (Security Update) Important Remote Code Execution 5018425 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 for x64-based Systems 5019970 (Security Update) Important Remote Code Execution 5018425 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1607 for 32-bit Systems 5019964 (Security Update) Important Remote Code Execution 5018411 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1607 for x64-based Systems 5019964 (Security Update) Important Remote Code Execution 5018411 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1809 for 32-bit Systems 5019966 (Security Update) Important Remote Code Execution 5018419
 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1809 for ARM64-based Systems 5019966 (Security Update) Important Remote Code Execution 5018419
 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1809 for x64-based Systems 5019966 (Security Update) Important Remote Code Execution 5018419
 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 20H2 for 32-bit Systems 5019959 (Security Update) Important Remote Code Execution
5018410		 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 20H2 for ARM64-based Systems 5019959 (Security Update) Important Remote Code Execution
5018410		 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 20H2 for x64-based Systems 5019959 (Security Update) Important Remote Code Execution
5018410		 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H1 for 32-bit Systems 5019959 (Security Update) Important Remote Code Execution 5018410
 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H1 for ARM64-based Systems 5019959 (Security Update) Important Remote Code Execution 5018410
 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H1 for x64-based Systems 5019959 (Security Update) Important Remote Code Execution 5018410
 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H2 for 32-bit Systems 5019959 (Security Update) Important Remote Code Execution 5018410
 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H2 for ARM64-based Systems 5019959 (Security Update) Important Remote Code Execution
5018410		 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H2 for x64-based Systems 5019959 (Security Update) Important Remote Code Execution
5018410		 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 22H2 for 32-bit Systems 5019959 (Security Update) Important Remote Code Execution Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 22H2 for ARM64-based Systems 5019959 (Security Update) Important Remote Code Execution Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 22H2 for x64-based Systems 5019959 (Security Update) Important Remote Code Execution Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 11 for ARM64-based Systems 5019961 (Security Update) Important Remote Code Execution 5018418 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 11 for x64-based Systems 5019961 (Security Update) Important Remote Code Execution 5018418 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 11 Version 22H2 for ARM64-based Systems 5019980 (Security Update) Important Remote Code Execution 5018427
 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 11 Version 22H2 for x64-based Systems 5019980 (Security Update) Important Remote Code Execution 5018427
 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 7 for 32-bit Systems Service Pack 1 5020000 (Monthly Rollup)
5020013 (Security Only)		 Important Remote Code Execution 5018454
 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 7 for x64-based Systems Service Pack 1 5020000 (Monthly Rollup)
5020013 (Security Only)		 Important Remote Code Execution 5018454
 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 8.1 for 32-bit systems 5020023 (Monthly Rollup)
5020010 (Security Only)		 Important Remote Code Execution 5018474
 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 8.1 for x64-based systems 5020023 (Monthly Rollup)
5020010 (Security Only)		 Important Remote Code Execution 5018474
 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows RT 8.1 5020010 (Security Only) Important Remote Code Execution Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 5020019 (Monthly Rollup)
5020005 (Security Only)		 Important Remote Code Execution 5018450
 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5020019 (Monthly Rollup)
5020005 (Security Only)		 Important Remote Code Execution 5018450
 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2008 for x64-based Systems Service Pack 2 5020019 (Monthly Rollup)
5020005 (Security Only)		 Important Remote Code Execution 5018450
 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5020019 (Monthly Rollup)
5020005 (Security Only)		 Important Remote Code Execution 5018450
 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5020000 (Monthly Rollup)
5020013 (Security Only)		 Important Remote Code Execution 5018454
 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5020000 (Monthly Rollup)
5020013 (Security Only)		 Important Remote Code Execution 5018454
 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2012 5020009 (Monthly Rollup)
5020003 (Security Only)		 Important Remote Code Execution 5018457
 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2012 (Server Core installation) 5020009 (Monthly Rollup)
5020003 (Security Only)		 Important Remote Code Execution 5018457
 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2012 R2 5020023 (Monthly Rollup)
5020010 (Security Only)		 Important Remote Code Execution 5018474
 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2012 R2 (Server Core installation) 5020023 (Monthly Rollup)
5020010 (Security Only)		 Important Remote Code Execution 5018474
 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2016 5019964 (Security Update) Important Remote Code Execution 5018411 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2016 (Server Core installation) 5019964 (Security Update) Important Remote Code Execution 5018411 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2019 5019966 (Security Update) Important Remote Code Execution 5018419
 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2019 (Server Core installation) 5019966 (Security Update) Important Remote Code Execution 5018419
 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2022 5019081 (Security Update) Important Remote Code Execution 5018421 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2022 (Server Core installation) 5019081 (Security Update) Important Remote Code Execution 5018421 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2022 Datacenter: Azure Edition (Hotpatch) 5019080 (Security Hotpatch Update) Important Remote Code Execution 5016060 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2022-41048 Haifei Li with CyberKL Kunlun Lab

CVE-2022-41091 - Windows Mark of the Web Security Feature Bypass Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-41091
MITRE
NVD		 CVE Title: Windows Mark of the Web Security Feature Bypass Vulnerability
CVSS:

CVSS:3.1 5.4/4.7
Base score metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredNone
User InteractionRequired
ScopeUnchanged
ConfidentialityNone
IntegrityLow
AvailabilityLow
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

How could an attacker exploit the vulnerability?

  • In a web-based attack scenario, an attacker could host a malicious website that is designed to exploit the security feature bypass.
  • In an email or instant message attack scenario, the attacker could send the targeted user a specially crafted .url file that is designed to exploit the bypass.
  • Compromised websites or websites that accept or host user-provided content could contain specially crafted content to exploit the security feature bypass.

In all cases an attacker would have no way to force a user to view attacker-controlled content. Instead, an attacker would have to convince a user to take action. For example, an attacker could entice a user to either click a link that directs the user to the attacker's site or send a malicious attachment.

Please see Additional information about Mark of the Web for further clarification


According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L) and some loss of availability (A:L). What does that mean for this vulnerability?

An attacker can craft a malicious file that would evade Mark of the Web (MOTW) defenses, resulting in a limited loss of integrity and availability of security features such as Protected View in Microsoft Office, which rely on MOTW tagging.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2022-11-08T08:00:00    

Information published.


 Important Security Feature Bypass

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Detected Yes Yes

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-41091
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5019970 (Security Update) Important Security Feature Bypass 5018425 Base: 5.4
Temporal: 4.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C
 Yes
Windows 10 for x64-based Systems 5019970 (Security Update) Important Security Feature Bypass 5018425 Base: 5.4
Temporal: 4.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1607 for 32-bit Systems 5019964 (Security Update) Important Security Feature Bypass 5018411 Base: 5.4
Temporal: 4.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1607 for x64-based Systems 5019964 (Security Update) Important Security Feature Bypass 5018411 Base: 5.4
Temporal: 4.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1809 for 32-bit Systems 5019966 (Security Update) Important Security Feature Bypass 5018419
 Base: 5.4
Temporal: 4.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1809 for ARM64-based Systems 5019966 (Security Update) Important Security Feature Bypass 5018419
 Base: 5.4
Temporal: 4.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1809 for x64-based Systems 5019966 (Security Update) Important Security Feature Bypass 5018419
 Base: 5.4
Temporal: 4.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C
 Yes
Windows 10 Version 20H2 for 32-bit Systems 5019959 (Security Update) Important Security Feature Bypass
5018410		 Base: 5.4
Temporal: 4.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C
 Yes
Windows 10 Version 20H2 for ARM64-based Systems 5019959 (Security Update) Important Security Feature Bypass
5018410		 Base: 5.4
Temporal: 4.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C
 Yes
Windows 10 Version 20H2 for x64-based Systems 5019959 (Security Update) Important Security Feature Bypass
5018410		 Base: 5.4
Temporal: 4.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H1 for 32-bit Systems 5019959 (Security Update) Important Security Feature Bypass 5018410
 Base: 5.4
Temporal: 4.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H1 for ARM64-based Systems 5019959 (Security Update) Important Security Feature Bypass 5018410
 Base: 5.4
Temporal: 4.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H1 for x64-based Systems 5019959 (Security Update) Important Security Feature Bypass 5018410
 Base: 5.4
Temporal: 4.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H2 for 32-bit Systems 5019959 (Security Update) Important Security Feature Bypass 5018410
 Base: 5.4
Temporal: 4.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H2 for ARM64-based Systems 5019959 (Security Update) Important Security Feature Bypass
5018410		 Base: 5.4
Temporal: 4.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H2 for x64-based Systems 5019959 (Security Update) Important Security Feature Bypass
5018410		 Base: 5.4
Temporal: 4.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C
 Yes
Windows 10 Version 22H2 for 32-bit Systems 5019959 (Security Update) Important Security Feature Bypass Base: 5.4
Temporal: 4.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C
 Yes
Windows 10 Version 22H2 for ARM64-based Systems 5019959 (Security Update) Important Security Feature Bypass Base: 5.4
Temporal: 4.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C
 Yes
Windows 10 Version 22H2 for x64-based Systems 5019959 (Security Update) Important Security Feature Bypass Base: 5.4
Temporal: 4.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C
 Yes
Windows 11 for ARM64-based Systems 5019961 (Security Update) Important Security Feature Bypass 5018418 Base: 5.4
Temporal: 4.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C
 Yes
Windows 11 for x64-based Systems 5019961 (Security Update) Important Security Feature Bypass 5018418 Base: 5.4
Temporal: 4.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C
 Yes
Windows 11 Version 22H2 for ARM64-based Systems 5019980 (Security Update) Important Security Feature Bypass 5018427
 Base: 5.4
Temporal: 4.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C
 Yes
Windows 11 Version 22H2 for x64-based Systems 5019980 (Security Update) Important Security Feature Bypass 5018427
 Base: 5.4
Temporal: 4.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C
 Yes
Windows Server 2016 5019964 (Security Update) Important Security Feature Bypass 5018411 Base: 5.4
Temporal: 4.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C
 Yes
Windows Server 2016 (Server Core installation) 5019964 (Security Update) Important Security Feature Bypass 5018411 Base: 5.4
Temporal: 4.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C
 Yes
Windows Server 2019 5019966 (Security Update) Important Security Feature Bypass 5018419
 Base: 5.4
Temporal: 4.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C
 Yes
Windows Server 2019 (Server Core installation) 5019966 (Security Update) Important Security Feature Bypass 5018419
 Base: 5.4
Temporal: 4.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C
 Yes
Windows Server 2022 5019081 (Security Update) Important Security Feature Bypass 5018421 Base: 5.4
Temporal: 4.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C
 Yes
Windows Server 2022 (Server Core installation) 5019081 (Security Update) Important Security Feature Bypass 5018421 Base: 5.4
Temporal: 4.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C
 Yes
Windows Server 2022 Datacenter: Azure Edition (Hotpatch) 5019080 (Security Hotpatch Update) Important Security Feature Bypass 5016060 Base: 5.4
Temporal: 4.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C
 Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2022-41091

CVE-2022-41092 - Windows Win32k Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-41092
MITRE
NVD		 CVE Title: Windows Win32k Elevation of Privilege Vulnerability
CVSS:

CVSS:3.1 7.8/6.8
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

What privileges could an attacker gain?

An attacker who successfully exploited this vulnerability could gain specific limited SYSTEM privileges.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2022-11-08T08:00:00    

Information published.


 Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation More Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-41092
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 Version 20H2 for 32-bit Systems 5019959 (Security Update) Important Elevation of Privilege
5018410		 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 20H2 for ARM64-based Systems 5019959 (Security Update) Important Elevation of Privilege
5018410		 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 20H2 for x64-based Systems 5019959 (Security Update) Important Elevation of Privilege
5018410		 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H1 for 32-bit Systems 5019959 (Security Update) Important Elevation of Privilege 5018410
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H1 for ARM64-based Systems 5019959 (Security Update) Important Elevation of Privilege 5018410
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H1 for x64-based Systems 5019959 (Security Update) Important Elevation of Privilege 5018410
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H2 for 32-bit Systems 5019959 (Security Update) Important Elevation of Privilege 5018410
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H2 for ARM64-based Systems 5019959 (Security Update) Important Elevation of Privilege
5018410		 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H2 for x64-based Systems 5019959 (Security Update) Important Elevation of Privilege
5018410		 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 22H2 for 32-bit Systems 5019959 (Security Update) Important Elevation of Privilege Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 22H2 for ARM64-based Systems 5019959 (Security Update) Important Elevation of Privilege Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 22H2 for x64-based Systems 5019959 (Security Update) Important Elevation of Privilege Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 11 for ARM64-based Systems 5019961 (Security Update) Important Elevation of Privilege 5018418 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 11 for x64-based Systems 5019961 (Security Update) Important Elevation of Privilege 5018418 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 11 Version 22H2 for ARM64-based Systems 5019980 (Security Update) Important Elevation of Privilege 5018427
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 11 Version 22H2 for x64-based Systems 5019980 (Security Update) Important Elevation of Privilege 5018427
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2022 5019081 (Security Update) Important Elevation of Privilege 5018421 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2022 (Server Core installation) 5019081 (Security Update) Important Elevation of Privilege 5018421 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2022 Datacenter: Azure Edition (Hotpatch) 5019080 (Security Hotpatch Update) Important Elevation of Privilege 5016060 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2022-41092 namnp working with Trend Micro Zero Day Initiative


CVE-2022-41049 - Windows Mark of the Web Security Feature Bypass Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-41049
MITRE
NVD		 CVE Title: Windows Mark of the Web Security Feature Bypass Vulnerability
CVSS:

CVSS:3.1 5.4/5.0
Base score metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredNone
User InteractionRequired
ScopeUnchanged
ConfidentialityNone
IntegrityLow
AvailabilityLow
Temporal score metrics
Exploit Code MaturityFunctional
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

How could an attacker exploit the vulnerability?

  • In a web-based attack scenario, an attacker could host a malicious website that is designed to exploit the security feature bypass.
  • In an email or instant message attack scenario, the attacker could send the targeted user a specially crafted .url file that is designed to exploit the bypass.
  • Compromised websites or websites that accept or host user-provided content could contain specially crafted content to exploit the security feature bypass.

In all cases an attacker would have no way to force a user to view attacker-controlled content. Instead, an attacker would have to convince a user to take action. For example, an attacker could entice a user to either click a link that directs the user to the attacker's site or send a malicious attachment.

Please see Additional information about Mark of the Web for further clarification


According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L) and some loss of availability (A:L). What does that mean for this vulnerability?

An attacker can craft a malicious file that would evade Mark of the Web (MOTW) defenses, resulting in a limited loss of integrity and availability of security features such as Protected View in Microsoft Office, which rely on MOTW tagging.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2022-11-08T08:00:00    

Information published.


 Important Security Feature Bypass

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation More Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-41049
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5019970 (Security Update) Important Security Feature Bypass 5018425 Base: 5.4
Temporal: 5.0
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C
 Yes
Windows 10 for x64-based Systems 5019970 (Security Update) Important Security Feature Bypass 5018425 Base: 5.4
Temporal: 5.0
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C
 Yes
Windows 10 Version 1607 for 32-bit Systems 5019964 (Security Update) Important Security Feature Bypass 5018411 Base: 5.4
Temporal: 5.0
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C
 Yes
Windows 10 Version 1607 for x64-based Systems 5019964 (Security Update) Important Security Feature Bypass 5018411 Base: 5.4
Temporal: 5.0
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C
 Yes
Windows 10 Version 1809 for 32-bit Systems 5019966 (Security Update) Important Security Feature Bypass 5018419
 Base: 5.4
Temporal: 5.0
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C
 Yes
Windows 10 Version 1809 for ARM64-based Systems 5019966 (Security Update) Important Security Feature Bypass 5018419
 Base: 5.4
Temporal: 5.0
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C
 Yes
Windows 10 Version 1809 for x64-based Systems 5019966 (Security Update) Important Security Feature Bypass 5018419
 Base: 5.4
Temporal: 5.0
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C
 Yes
Windows 10 Version 20H2 for 32-bit Systems 5019959 (Security Update) Important Security Feature Bypass
5018410		 Base: 5.4
Temporal: 5.0
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C
 Yes
Windows 10 Version 20H2 for ARM64-based Systems 5019959 (Security Update) Important Security Feature Bypass
5018410		 Base: 5.4
Temporal: 5.0
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C
 Yes
Windows 10 Version 20H2 for x64-based Systems 5019959 (Security Update) Important Security Feature Bypass
5018410		 Base: 5.4
Temporal: 5.0
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C
 Yes
Windows 10 Version 21H1 for 32-bit Systems 5019959 (Security Update) Important Security Feature Bypass 5018410
 Base: 5.4
Temporal: 5.0
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C
 Yes
Windows 10 Version 21H1 for ARM64-based Systems 5019959 (Security Update) Important Security Feature Bypass 5018410
 Base: 5.4
Temporal: 5.0
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C
 Yes
Windows 10 Version 21H1 for x64-based Systems 5019959 (Security Update) Important Security Feature Bypass 5018410
 Base: 5.4
Temporal: 5.0
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C
 Yes
Windows 10 Version 21H2 for 32-bit Systems 5019959 (Security Update) Important Security Feature Bypass 5018410
 Base: 5.4
Temporal: 5.0
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C
 Yes
Windows 10 Version 21H2 for ARM64-based Systems 5019959 (Security Update) Important Security Feature Bypass
5018410		 Base: 5.4
Temporal: 5.0
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C
 Yes
Windows 10 Version 21H2 for x64-based Systems 5019959 (Security Update) Important Security Feature Bypass
5018410		 Base: 5.4
Temporal: 5.0
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C
 Yes
Windows 10 Version 22H2 for 32-bit Systems 5019959 (Security Update) Important Security Feature Bypass Base: 5.4
Temporal: 5.0
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C
 Yes
Windows 10 Version 22H2 for ARM64-based Systems 5019959 (Security Update) Important Security Feature Bypass Base: 5.4
Temporal: 5.0
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C
 Yes
Windows 10 Version 22H2 for x64-based Systems 5019959 (Security Update) Important Security Feature Bypass Base: 5.4
Temporal: 5.0
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C
 Yes
Windows 11 for ARM64-based Systems 5019961 (Security Update) Important Security Feature Bypass 5018418 Base: 5.4
Temporal: 5.0
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C
 Yes
Windows 11 for x64-based Systems 5019961 (Security Update) Important Security Feature Bypass 5018418 Base: 5.4
Temporal: 5.0
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C
 Yes
Windows 11 Version 22H2 for ARM64-based Systems 5019980 (Security Update) Important Security Feature Bypass 5018427
 Base: 5.4
Temporal: 5.0
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C
 Yes
Windows 11 Version 22H2 for x64-based Systems 5019980 (Security Update) Important Security Feature Bypass 5018427
 Base: 5.4
Temporal: 5.0
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C
 Yes
Windows Server 2016 5019964 (Security Update) Important Security Feature Bypass 5018411 Base: 5.4
Temporal: 5.0
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C
 Yes
Windows Server 2016 (Server Core installation) 5019964 (Security Update) Important Security Feature Bypass 5018411 Base: 5.4
Temporal: 5.0
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C
 Yes
Windows Server 2019 5019966 (Security Update) Important Security Feature Bypass 5018419
 Base: 5.4
Temporal: 5.0
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C
 Yes
Windows Server 2019 (Server Core installation) 5019966 (Security Update) Important Security Feature Bypass 5018419
 Base: 5.4
Temporal: 5.0
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C
 Yes
Windows Server 2022 5019081 (Security Update) Important Security Feature Bypass 5018421 Base: 5.4
Temporal: 5.0
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C
 Yes
Windows Server 2022 (Server Core installation) 5019081 (Security Update) Important Security Feature Bypass 5018421 Base: 5.4
Temporal: 5.0
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C
 Yes
Windows Server 2022 Datacenter: Azure Edition (Hotpatch) 5019080 (Security Hotpatch Update) Important Security Feature Bypass 5016060 Base: 5.4
Temporal: 5.0
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C
 Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2022-41049 Will Dormann CERT/CC

CVE-2022-41093 - Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-41093
MITRE
NVD		 CVE Title: Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability
CVSS:

CVSS:3.1 7.8/6.8
Base score metrics
Attack VectorLocal
Attack ComplexityHigh
Privileges RequiredLow
User InteractionNone
ScopeChanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

Successful exploitation of this vulnerability requires an attacker to win a race condition.


What type of privileges could an attacker gain through this vulnerability?

A domain user could use this vulnerability to elevate privileges to SYSTEM assigned integrity level.


According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?

This vulnerability could lead to a contained execution environment escape. Please refer to AppContainer Isolation for more information.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2022-11-08T08:00:00    

Information published.


 Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-41093
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5019970 (Security Update) Important Elevation of Privilege 5018425 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 for x64-based Systems 5019970 (Security Update) Important Elevation of Privilege 5018425 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1607 for 32-bit Systems 5019964 (Security Update) Important Elevation of Privilege 5018411 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1607 for x64-based Systems 5019964 (Security Update) Important Elevation of Privilege 5018411 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1809 for 32-bit Systems 5019966 (Security Update) Important Elevation of Privilege 5018419
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1809 for ARM64-based Systems 5019966 (Security Update) Important Elevation of Privilege 5018419
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1809 for x64-based Systems 5019966 (Security Update) Important Elevation of Privilege 5018419
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 20H2 for 32-bit Systems 5019959 (Security Update) Important Elevation of Privilege
5018410		 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 20H2 for ARM64-based Systems 5019959 (Security Update) Important Elevation of Privilege
5018410		 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 20H2 for x64-based Systems 5019959 (Security Update) Important Elevation of Privilege
5018410		 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H1 for 32-bit Systems 5019959 (Security Update) Important Elevation of Privilege 5018410
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H1 for ARM64-based Systems 5019959 (Security Update) Important Elevation of Privilege 5018410
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H1 for x64-based Systems 5019959 (Security Update) Important Elevation of Privilege 5018410
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H2 for 32-bit Systems 5019959 (Security Update) Important Elevation of Privilege 5018410
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H2 for ARM64-based Systems 5019959 (Security Update) Important Elevation of Privilege
5018410		 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H2 for x64-based Systems 5019959 (Security Update) Important Elevation of Privilege
5018410		 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 22H2 for 32-bit Systems 5019959 (Security Update) Important Elevation of Privilege Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 22H2 for ARM64-based Systems 5019959 (Security Update) Important Elevation of Privilege Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 22H2 for x64-based Systems 5019959 (Security Update) Important Elevation of Privilege Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 11 for ARM64-based Systems 5019961 (Security Update) Important Elevation of Privilege 5018418 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 11 for x64-based Systems 5019961 (Security Update) Important Elevation of Privilege 5018418 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 11 Version 22H2 for ARM64-based Systems 5019980 (Security Update) Important Elevation of Privilege 5018427
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 11 Version 22H2 for x64-based Systems 5019980 (Security Update) Important Elevation of Privilege 5018427
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 8.1 for 32-bit systems 5020023 (Monthly Rollup)
5020010 (Security Only)		 Important Elevation of Privilege 5018474
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 8.1 for x64-based systems 5020023 (Monthly Rollup)
5020010 (Security Only)		 Important Elevation of Privilege 5018474
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows RT 8.1 5020010 (Security Only) Important Elevation of Privilege Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2012 R2 5020023 (Monthly Rollup)
5020010 (Security Only)		 Important Elevation of Privilege 5018474
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2012 R2 (Server Core installation) 5020023 (Monthly Rollup)
5020010 (Security Only)		 Important Elevation of Privilege 5018474
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2016 5019964 (Security Update) Important Elevation of Privilege 5018411 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2016 (Server Core installation) 5019964 (Security Update) Important Elevation of Privilege 5018411 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2019 5019966 (Security Update) Important Elevation of Privilege 5018419
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2019 (Server Core installation) 5019966 (Security Update) Important Elevation of Privilege 5018419
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2022 5019081 (Security Update) Important Elevation of Privilege 5018421 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2022 (Server Core installation) 5019081 (Security Update) Important Elevation of Privilege 5018421 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2022 Datacenter: Azure Edition (Hotpatch) 5019080 (Security Hotpatch Update) Important Elevation of Privilege 5016060 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2022-41093 Jarvis_1oop of vulnerability research institute

CVE-2022-41050 - Windows Extensible File Allocation Table Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-41050
MITRE
NVD		 CVE Title: Windows Extensible File Allocation Table Elevation of Privilege Vulnerability
CVSS:

CVSS:3.1 7.8/6.8
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

What type of privileges could an attacker gain through this vulnerability?

A domain user could use this vulnerability to elevate privileges to SYSTEM assigned integrity level.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2022-11-08T08:00:00    

Information published.


 Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-41050
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5019970 (Security Update) Important Elevation of Privilege 5018425 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 for x64-based Systems 5019970 (Security Update) Important Elevation of Privilege 5018425 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1607 for 32-bit Systems 5019964 (Security Update) Important Elevation of Privilege 5018411 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1607 for x64-based Systems 5019964 (Security Update) Important Elevation of Privilege 5018411 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1809 for 32-bit Systems 5019966 (Security Update) Important Elevation of Privilege 5018419
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1809 for ARM64-based Systems 5019966 (Security Update) Important Elevation of Privilege 5018419
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1809 for x64-based Systems 5019966 (Security Update) Important Elevation of Privilege 5018419
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 20H2 for 32-bit Systems 5019959 (Security Update) Important Elevation of Privilege
5018410		 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 20H2 for ARM64-based Systems 5019959 (Security Update) Important Elevation of Privilege
5018410		 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 20H2 for x64-based Systems 5019959 (Security Update) Important Elevation of Privilege
5018410		 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H1 for 32-bit Systems 5019959 (Security Update) Important Elevation of Privilege 5018410
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H1 for ARM64-based Systems 5019959 (Security Update) Important Elevation of Privilege 5018410
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H1 for x64-based Systems 5019959 (Security Update) Important Elevation of Privilege 5018410
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H2 for 32-bit Systems 5019959 (Security Update) Important Elevation of Privilege 5018410
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H2 for ARM64-based Systems 5019959 (Security Update) Important Elevation of Privilege
5018410		 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H2 for x64-based Systems 5019959 (Security Update) Important Elevation of Privilege
5018410		 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 22H2 for 32-bit Systems 5019959 (Security Update) Important Elevation of Privilege Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 22H2 for ARM64-based Systems 5019959 (Security Update) Important Elevation of Privilege Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 22H2 for x64-based Systems 5019959 (Security Update) Important Elevation of Privilege Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 11 for ARM64-based Systems 5019961 (Security Update) Important Elevation of Privilege 5018418 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 11 for x64-based Systems 5019961 (Security Update) Important Elevation of Privilege 5018418 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 11 Version 22H2 for ARM64-based Systems 5019980 (Security Update) Important Elevation of Privilege 5018427
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 11 Version 22H2 for x64-based Systems 5019980 (Security Update) Important Elevation of Privilege 5018427
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2016 5019964 (Security Update) Important Elevation of Privilege 5018411 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2016 (Server Core installation) 5019964 (Security Update) Important Elevation of Privilege 5018411 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2019 5019966 (Security Update) Important Elevation of Privilege 5018419
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2019 (Server Core installation) 5019966 (Security Update) Important Elevation of Privilege 5018419
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2022 5019081 (Security Update) Important Elevation of Privilege 5018421 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2022 (Server Core installation) 5019081 (Security Update) Important Elevation of Privilege 5018421 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2022 Datacenter: Azure Edition (Hotpatch) 5019080 (Security Hotpatch Update) Important Elevation of Privilege 5016060 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2022-41050 HyungSeok Joo

CVE-2022-41051 - Azure RTOS GUIX Studio Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-41051
MITRE
NVD		 CVE Title: Azure RTOS GUIX Studio Remote Code Execution Vulnerability
CVSS:

CVSS:3.1 7.8/6.8
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredNone
User InteractionRequired
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

What is RTOS?

Azure RTOS is an embedded development suite including a small but powerful operating system that provides reliable, ultra-fast performance for resource-constrained devices. See Azure RTOS Overview for more information.

What is Azure RTOS GUIX Studio?

Azure GUIX embedded GUI is Microsoft’s advanced, industrial grade GUI solution designed specifically for deeply embedded, real-time, and IoT applications. Microsoft also provides a full-featured WYSIWYG desktop design tool named Azure RTOS GUIX Studio, which allows developers to design their GUI on the desktop and generate Azure RTOS GUIX embedded GUI code that can then be exported to the target. See Azure RTOS GUIX and Azure RTOS GUIX Studio for more information.


According to the CVSS metric, no privileges are required (PR:N) and user interaction is required (UI:R). What user interaction would the user have to do?

A user of any privilege would need to run the malicious file downloaded via email, website or a thumb drive in order for the attack to be successful.


According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?

The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.

For example, when the score indicates that the Attack Vector is Local and User Interaction is Required, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2022-11-08T08:00:00    

Information published.


 Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-41051
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Azure RTOS GUIX Studio Release Notes (Security Update) Important Remote Code Execution None Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Maybe

Acknowledgements

CVE ID Acknowledgements
CVE-2022-41051 HP of Cyber Kunlun Lab

CVE-2022-41052 - Windows Graphics Component Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-41052
MITRE
NVD		 CVE Title: Windows Graphics Component Remote Code Execution Vulnerability
CVSS:

CVSS:3.1 7.8/6.8
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredNone
User InteractionRequired
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?

The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.

For example, when the score indicates that the Attack Vector is Local and User Interaction is Required, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2022-11-08T08:00:00    

Information published.


 Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-41052
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5019970 (Security Update) Important Remote Code Execution 5018425 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 for x64-based Systems 5019970 (Security Update) Important Remote Code Execution 5018425 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1607 for 32-bit Systems 5019964 (Security Update) Important Remote Code Execution 5018411 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1607 for x64-based Systems 5019964 (Security Update) Important Remote Code Execution 5018411 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1809 for 32-bit Systems 5019966 (Security Update) Important Remote Code Execution 5018419
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1809 for ARM64-based Systems 5019966 (Security Update) Important Remote Code Execution 5018419
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1809 for x64-based Systems 5019966 (Security Update) Important Remote Code Execution 5018419
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 20H2 for 32-bit Systems 5019959 (Security Update) Important Remote Code Execution
5018410		 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 20H2 for ARM64-based Systems 5019959 (Security Update) Important Remote Code Execution
5018410		 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 20H2 for x64-based Systems 5019959 (Security Update) Important Remote Code Execution
5018410		 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H1 for 32-bit Systems 5019959 (Security Update) Important Remote Code Execution 5018410
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H1 for ARM64-based Systems 5019959 (Security Update) Important Remote Code Execution 5018410
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H1 for x64-based Systems 5019959 (Security Update) Important Remote Code Execution 5018410
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H2 for 32-bit Systems 5019959 (Security Update) Important Remote Code Execution 5018410
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H2 for ARM64-based Systems 5019959 (Security Update) Important Remote Code Execution
5018410		 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H2 for x64-based Systems 5019959 (Security Update) Important Remote Code Execution
5018410		 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 22H2 for 32-bit Systems 5019959 (Security Update) Important Remote Code Execution Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 22H2 for ARM64-based Systems 5019959 (Security Update) Important Remote Code Execution Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 22H2 for x64-based Systems 5019959 (Security Update) Important Remote Code Execution Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 11 for ARM64-based Systems 5019961 (Security Update) Important Remote Code Execution 5018418 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 11 for x64-based Systems 5019961 (Security Update) Important Remote Code Execution 5018418 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2016 5019964 (Security Update) Important Remote Code Execution 5018411 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2016 (Server Core installation) 5019964 (Security Update) Important Remote Code Execution 5018411 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2019 5019966 (Security Update) Important Remote Code Execution 5018419
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2019 (Server Core installation) 5019966 (Security Update) Important Remote Code Execution 5018419
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2022 5019081 (Security Update) Important Remote Code Execution 5018421 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2022 (Server Core installation) 5019081 (Security Update) Important Remote Code Execution 5018421 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2022-41052 Hossein Lotfi of Trend Micro Zero Day Initiative

CVE-2022-41095 - Windows Digital Media Receiver Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-41095
MITRE
NVD		 CVE Title: Windows Digital Media Receiver Elevation of Privilege Vulnerability
CVSS:

CVSS:3.1 7.8/6.8
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

What privileges could an attacker gain?

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2022-11-08T08:00:00    

Information published.


 Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-41095
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5019970 (Security Update) Important Elevation of Privilege 5018425 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 for x64-based Systems 5019970 (Security Update) Important Elevation of Privilege 5018425 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1607 for 32-bit Systems 5019964 (Security Update) Important Elevation of Privilege 5018411 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1607 for x64-based Systems 5019964 (Security Update) Important Elevation of Privilege 5018411 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1809 for 32-bit Systems 5019966 (Security Update) Important Elevation of Privilege 5018419
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1809 for ARM64-based Systems 5019966 (Security Update) Important Elevation of Privilege 5018419
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1809 for x64-based Systems 5019966 (Security Update) Important Elevation of Privilege 5018419
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 20H2 for 32-bit Systems 5019959 (Security Update) Important Elevation of Privilege
5018410		 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 20H2 for ARM64-based Systems 5019959 (Security Update) Important Elevation of Privilege
5018410		 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 20H2 for x64-based Systems 5019959 (Security Update) Important Elevation of Privilege
5018410		 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H1 for 32-bit Systems 5019959 (Security Update) Important Elevation of Privilege 5018410
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H1 for ARM64-based Systems 5019959 (Security Update) Important Elevation of Privilege 5018410
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H1 for x64-based Systems 5019959 (Security Update) Important Elevation of Privilege 5018410
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H2 for 32-bit Systems 5019959 (Security Update) Important Elevation of Privilege 5018410
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H2 for ARM64-based Systems 5019959 (Security Update) Important Elevation of Privilege
5018410		 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H2 for x64-based Systems 5019959 (Security Update) Important Elevation of Privilege
5018410		 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 22H2 for 32-bit Systems 5019959 (Security Update) Important Elevation of Privilege Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 22H2 for ARM64-based Systems 5019959 (Security Update) Important Elevation of Privilege Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 22H2 for x64-based Systems 5019959 (Security Update) Important Elevation of Privilege Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 11 for x64-based Systems 5019961 (Security Update) Important Elevation of Privilege 5018418 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 11 Version 22H2 for ARM64-based Systems 5019980 (Security Update) Important Elevation of Privilege 5018427
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 7 for 32-bit Systems Service Pack 1 5020000 (Monthly Rollup)
5020013 (Security Only)		 Important Elevation of Privilege 5018454
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 7 for x64-based Systems Service Pack 1 5020000 (Monthly Rollup)
5020013 (Security Only)		 Important Elevation of Privilege 5018454
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 8.1 for 32-bit systems 5020023 (Monthly Rollup)
5020010 (Security Only)		 Important Elevation of Privilege 5018474
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 8.1 for x64-based systems 5020023 (Monthly Rollup)
5020010 (Security Only)		 Important Elevation of Privilege 5018474
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows RT 8.1 5020010 (Security Only) Important Elevation of Privilege Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 5020019 (Monthly Rollup)
5020005 (Security Only)		 Important Elevation of Privilege 5018450
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5020019 (Monthly Rollup)
5020005 (Security Only)		 Important Elevation of Privilege 5018450
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2008 for x64-based Systems Service Pack 2 5020019 (Monthly Rollup)
5020005 (Security Only)		 Important Elevation of Privilege 5018450
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5020019 (Monthly Rollup)
5020005 (Security Only)		 Important Elevation of Privilege 5018450
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5020000 (Monthly Rollup)
5020013 (Security Only)		 Important Elevation of Privilege 5018454
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5020000 (Monthly Rollup)
5020013 (Security Only)		 Important Elevation of Privilege 5018454
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2012 5020009 (Monthly Rollup)
5020003 (Security Only)		 Important Elevation of Privilege 5018457
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2012 (Server Core installation) 5020009 (Monthly Rollup)
5020003 (Security Only)		 Important Elevation of Privilege 5018457
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2012 R2 5020023 (Monthly Rollup)
5020010 (Security Only)		 Important Elevation of Privilege 5018474
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2012 R2 (Server Core installation) 5020023 (Monthly Rollup)
5020010 (Security Only)		 Important Elevation of Privilege 5018474
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2016 5019964 (Security Update) Important Elevation of Privilege 5018411 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2016 (Server Core installation) 5019964 (Security Update) Important Elevation of Privilege 5018411 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2019 5019966 (Security Update) Important Elevation of Privilege 5018419
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2019 (Server Core installation) 5019966 (Security Update) Important Elevation of Privilege 5018419
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2022 5019081 (Security Update) Important Elevation of Privilege 5018421 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2022 (Server Core installation) 5019081 (Security Update) Important Elevation of Privilege 5018421 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2022-41095

CVE-2022-41053 - Windows Kerberos Denial of Service Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-41053
MITRE
NVD		 CVE Title: Windows Kerberos Denial of Service Vulnerability
CVSS:

CVSS:3.1 7.5/6.5
Base score metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredNone
User InteractionNone
ScopeUnchanged
ConfidentialityNone
IntegrityNone
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2022-11-08T08:00:00    

Information published.


 Important Denial of Service

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-41053
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5019970 (Security Update) Important Denial of Service 5018425 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 for x64-based Systems 5019970 (Security Update) Important Denial of Service 5018425 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1607 for 32-bit Systems 5019964 (Security Update) Important Denial of Service 5018411 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1607 for x64-based Systems 5019964 (Security Update) Important Denial of Service 5018411 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1809 for 32-bit Systems 5019966 (Security Update) Important Denial of Service 5018419
 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1809 for ARM64-based Systems 5019966 (Security Update) Important Denial of Service 5018419
 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1809 for x64-based Systems 5019966 (Security Update) Important Denial of Service 5018419
 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 20H2 for 32-bit Systems 5019959 (Security Update) Important Denial of Service
5018410		 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 20H2 for ARM64-based Systems 5019959 (Security Update) Important Denial of Service
5018410		 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 20H2 for x64-based Systems 5019959 (Security Update) Important Denial of Service
5018410		 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H1 for 32-bit Systems 5019959 (Security Update) Important Denial of Service 5018410
 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H1 for ARM64-based Systems 5019959 (Security Update) Important Denial of Service 5018410
 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H1 for x64-based Systems 5019959 (Security Update) Important Denial of Service 5018410
 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H2 for 32-bit Systems 5019959 (Security Update) Important Denial of Service 5018410
 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H2 for ARM64-based Systems 5019959 (Security Update) Important Denial of Service
5018410		 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H2 for x64-based Systems 5019959 (Security Update) Important Denial of Service
5018410		 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 22H2 for 32-bit Systems 5019959 (Security Update) Important Denial of Service Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 22H2 for ARM64-based Systems 5019959 (Security Update) Important Denial of Service Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 22H2 for x64-based Systems 5019959 (Security Update) Important Denial of Service Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 11 for ARM64-based Systems 5019961 (Security Update) Important Denial of Service 5018418 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 11 for x64-based Systems 5019961 (Security Update) Important Denial of Service 5018418 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 11 Version 22H2 for ARM64-based Systems 5019980 (Security Update) Important Denial of Service 5018427
 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 11 Version 22H2 for x64-based Systems 5019980 (Security Update) Important Denial of Service 5018427
 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 7 for 32-bit Systems Service Pack 1 5020000 (Monthly Rollup)
5020013 (Security Only)		 Important Denial of Service 5018454
 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 7 for x64-based Systems Service Pack 1 5020000 (Monthly Rollup)
5020013 (Security Only)		 Important Denial of Service 5018454
 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 8.1 for 32-bit systems 5020023 (Monthly Rollup)
5020010 (Security Only)		 Important Denial of Service 5018474
 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 8.1 for x64-based systems 5020023 (Monthly Rollup)
5020010 (Security Only)		 Important Denial of Service 5018474
 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows RT 8.1 5020010 (Security Only) Important Denial of Service Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 5020019 (Monthly Rollup)
5020005 (Security Only)		 Important Denial of Service 5018450
 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5020019 (Monthly Rollup)
5020005 (Security Only)		 Important Denial of Service 5018450
 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2008 for x64-based Systems Service Pack 2 5020019 (Monthly Rollup)
5020005 (Security Only)		 Important Denial of Service 5018450
 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5020019 (Monthly Rollup)
5020005 (Security Only)		 Important Denial of Service 5018450
 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5020000 (Monthly Rollup)
5020013 (Security Only)		 Important Denial of Service 5018454
 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5020000 (Monthly Rollup)
5020013 (Security Only)		 Important Denial of Service 5018454
 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2012 5020009 (Monthly Rollup)
5020003 (Security Only)		 Important Denial of Service 5018457
 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2012 (Server Core installation) 5020009 (Monthly Rollup)
5020003 (Security Only)		 Important Denial of Service 5018457
 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2012 R2 5020023 (Monthly Rollup)
5020010 (Security Only)		 Important Denial of Service 5018474
 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2012 R2 (Server Core installation) 5020023 (Monthly Rollup)
5020010 (Security Only)		 Important Denial of Service 5018474
 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2016 5019964 (Security Update) Important Denial of Service 5018411 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2016 (Server Core installation) 5019964 (Security Update) Important Denial of Service 5018411 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2019 5019966 (Security Update) Important Denial of Service 5018419
 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2019 (Server Core installation) 5019966 (Security Update) Important Denial of Service 5018419
 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2022 5019081 (Security Update) Important Denial of Service 5018421 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2022 (Server Core installation) 5019081 (Security Update) Important Denial of Service 5018421 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2022 Datacenter: Azure Edition (Hotpatch) 5019080 (Security Hotpatch Update) Important Denial of Service 5016060 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2022-41053

CVE-2022-41096 - Microsoft DWM Core Library Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-41096
MITRE
NVD		 CVE Title: Microsoft DWM Core Library Elevation of Privilege Vulnerability
CVSS:

CVSS:3.1 7.8/6.8
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

What privileges could an attacker gain?

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2022-11-08T08:00:00    

Information published.


 Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation More Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-41096
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 Version 1809 for 32-bit Systems 5019966 (Security Update) Important Elevation of Privilege 5018419
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1809 for ARM64-based Systems 5019966 (Security Update) Important Elevation of Privilege 5018419
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1809 for x64-based Systems 5019966 (Security Update) Important Elevation of Privilege 5018419
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 20H2 for 32-bit Systems 5019959 (Security Update) Important Elevation of Privilege
5018410		 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 20H2 for ARM64-based Systems 5019959 (Security Update) Important Elevation of Privilege
5018410		 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 20H2 for x64-based Systems 5019959 (Security Update) Important Elevation of Privilege
5018410		 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H1 for 32-bit Systems 5019959 (Security Update) Important Elevation of Privilege 5018410
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H1 for ARM64-based Systems 5019959 (Security Update) Important Elevation of Privilege 5018410
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H1 for x64-based Systems 5019959 (Security Update) Important Elevation of Privilege 5018410
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H2 for 32-bit Systems 5019959 (Security Update) Important Elevation of Privilege 5018410
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H2 for ARM64-based Systems 5019959 (Security Update) Important Elevation of Privilege
5018410		 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H2 for x64-based Systems 5019959 (Security Update) Important Elevation of Privilege
5018410		 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 22H2 for 32-bit Systems 5019959 (Security Update) Important Elevation of Privilege Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 22H2 for ARM64-based Systems 5019959 (Security Update) Important Elevation of Privilege Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 22H2 for x64-based Systems 5019959 (Security Update) Important Elevation of Privilege Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 11 for ARM64-based Systems 5019961 (Security Update) Important Elevation of Privilege 5018418 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 11 for x64-based Systems 5019961 (Security Update) Important Elevation of Privilege 5018418 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 11 Version 22H2 for ARM64-based Systems 5019980 (Security Update) Important Elevation of Privilege 5018427
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 11 Version 22H2 for x64-based Systems 5019980 (Security Update) Important Elevation of Privilege 5018427
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2019 5019966 (Security Update) Important Elevation of Privilege 5018419
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2019 (Server Core installation) 5019966 (Security Update) Important Elevation of Privilege 5018419
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2022 5019081 (Security Update) Important Elevation of Privilege 5018421 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2022 (Server Core installation) 5019081 (Security Update) Important Elevation of Privilege 5018421 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2022-41096 Keqi Hu

CVE-2022-41054 - Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-41054
MITRE
NVD		 CVE Title: Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability
CVSS:

CVSS:3.1 7.8/6.8
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

What privileges could an attacker gain?

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2022-11-08T08:00:00    

Information published.


 Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-41054
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 Version 1607 for 32-bit Systems 5019964 (Security Update) Important Elevation of Privilege 5018411 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1607 for x64-based Systems 5019964 (Security Update) Important Elevation of Privilege 5018411 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1809 for 32-bit Systems 5019966 (Security Update) Important Elevation of Privilege 5018419
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1809 for ARM64-based Systems 5019966 (Security Update) Important Elevation of Privilege 5018419
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1809 for x64-based Systems 5019966 (Security Update) Important Elevation of Privilege 5018419
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 20H2 for 32-bit Systems 5019959 (Security Update) Important Elevation of Privilege
5018410		 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 20H2 for ARM64-based Systems 5019959 (Security Update) Important Elevation of Privilege
5018410		 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 20H2 for x64-based Systems 5019959 (Security Update) Important Elevation of Privilege
5018410		 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H1 for 32-bit Systems 5019959 (Security Update) Important Elevation of Privilege
5018410		 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H1 for ARM64-based Systems 5019959 (Security Update) Important Elevation of Privilege
5018410		 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H1 for x64-based Systems 5019959 (Security Update) Important Elevation of Privilege
5018410		 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H2 for 32-bit Systems 5019959 (Security Update) Important Elevation of Privilege
5018410		 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H2 for ARM64-based Systems 5019959 (Security Update) Important Elevation of Privilege 5018410
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H2 for x64-based Systems 5019959 (Security Update) Important Elevation of Privilege 5018410
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 22H2 for 32-bit Systems 5019959 (Security Update) Important Elevation of Privilege Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 22H2 for ARM64-based Systems 5019959 (Security Update) Important Elevation of Privilege Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 22H2 for x64-based Systems 5019959 (Security Update) Important Elevation of Privilege Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 11 for ARM64-based Systems 5019961 (Security Update) Important Elevation of Privilege 5018418 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 11 for x64-based Systems 5019961 (Security Update) Important Elevation of Privilege 5018418 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 11 Version 22H2 for ARM64-based Systems 5019980 (Security Update) Important Elevation of Privilege 5018427
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 11 Version 22H2 for x64-based Systems 5019980 (Security Update) Important Elevation of Privilege 5018427
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2016 5019964 (Security Update) Important Elevation of Privilege 5018411 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2016 (Server Core installation) 5019964 (Security Update) Important Elevation of Privilege 5018411 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2019 5019966 (Security Update) Important Elevation of Privilege 5018419
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2019 (Server Core installation) 5019966 (Security Update) Important Elevation of Privilege 5018419
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2022 5019081 (Security Update) Important Elevation of Privilege 5018421 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2022 (Server Core installation) 5019081 (Security Update) Important Elevation of Privilege 5018421 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2022 Datacenter: Azure Edition (Hotpatch) 5019080 (Security Hotpatch Update) Important Elevation of Privilege 5016060 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2022-41054 k0shl with Kunlun Lab

CVE-2022-41097 - Network Policy Server (NPS) RADIUS Protocol Information Disclosure Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-41097
MITRE
NVD		 CVE Title: Network Policy Server (NPS) RADIUS Protocol Information Disclosure Vulnerability
CVSS:

CVSS:3.1 6.5/5.7
Base score metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityNone
AvailabilityNone
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

What type of information could be disclosed by this vulnerability?

Exploiting this vulnerability could allow the disclosure of initialized or uninitialized memory in the process heap.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2022-11-08T08:00:00    

Information published.


 Important Information Disclosure

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-41097
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5019970 (Security Update) Important Information Disclosure 5018425 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows 10 for x64-based Systems 5019970 (Security Update) Important Information Disclosure 5018425 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1607 for 32-bit Systems 5019964 (Security Update) Important Information Disclosure 5018411 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1607 for x64-based Systems 5019964 (Security Update) Important Information Disclosure 5018411 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1809 for 32-bit Systems 5019966 (Security Update) Important Information Disclosure 5018419
 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1809 for ARM64-based Systems 5019966 (Security Update) Important Information Disclosure 5018419
 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1809 for x64-based Systems 5019966 (Security Update) Important Information Disclosure 5018419
 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows 10 Version 20H2 for 32-bit Systems 5019959 (Security Update) Important Information Disclosure
5018410		 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows 10 Version 20H2 for ARM64-based Systems 5019959 (Security Update) Important Information Disclosure
5018410		 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows 10 Version 20H2 for x64-based Systems 5019959 (Security Update) Important Information Disclosure
5018410		 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H1 for 32-bit Systems 5019959 (Security Update) Important Information Disclosure 5018410
 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H1 for ARM64-based Systems 5019959 (Security Update) Important Information Disclosure 5018410
 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H1 for x64-based Systems 5019959 (Security Update) Important Information Disclosure 5018410
 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H2 for 32-bit Systems 5019959 (Security Update) Important Information Disclosure 5018410
 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H2 for ARM64-based Systems 5019959 (Security Update) Important Information Disclosure
5018410		 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H2 for x64-based Systems 5019959 (Security Update) Important Information Disclosure
5018410		 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows 10 Version 22H2 for 32-bit Systems 5019959 (Security Update) Important Information Disclosure Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows 10 Version 22H2 for ARM64-based Systems 5019959 (Security Update) Important Information Disclosure Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows 10 Version 22H2 for x64-based Systems 5019959 (Security Update) Important Information Disclosure Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows 11 for ARM64-based Systems 5019961 (Security Update) Important Information Disclosure 5018418 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows 11 for x64-based Systems 5019961 (Security Update) Important Information Disclosure 5018418 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows 11 Version 22H2 for ARM64-based Systems 5019980 (Security Update) Important Information Disclosure 5018427
 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows 11 Version 22H2 for x64-based Systems 5019980 (Security Update) Important Information Disclosure 5018427
 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows 7 for 32-bit Systems Service Pack 1 5020000 (Monthly Rollup)
5020013 (Security Only)		 Important Information Disclosure 5018454
 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows 7 for x64-based Systems Service Pack 1 5020000 (Monthly Rollup)
5020013 (Security Only)		 Important Information Disclosure 5018454
 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows 8.1 for 32-bit systems 5020023 (Monthly Rollup)
5020010 (Security Only)		 Important Information Disclosure 5018474
 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows 8.1 for x64-based systems 5020023 (Monthly Rollup)
5020010 (Security Only)		 Important Information Disclosure 5018474
 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows RT 8.1 5020010 (Security Only) Important Information Disclosure Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 5020019 (Monthly Rollup)
5020005 (Security Only)		 Important Information Disclosure 5018450
 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5020019 (Monthly Rollup)
5020005 (Security Only)		 Important Information Disclosure 5018450
 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows Server 2008 for x64-based Systems Service Pack 2 5020019 (Monthly Rollup)
5020005 (Security Only)		 Important Information Disclosure 5018450
 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5020019 (Monthly Rollup)
5020005 (Security Only)		 Important Information Disclosure 5018450
 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5020000 (Monthly Rollup)
5020013 (Security Only)		 Important Information Disclosure 5018454
 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5020000 (Monthly Rollup)
5020013 (Security Only)		 Important Information Disclosure 5018454
 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows Server 2012 5020009 (Monthly Rollup)
5020003 (Security Only)		 Important Information Disclosure 5018457
 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows Server 2012 (Server Core installation) 5020009 (Monthly Rollup)
5020003 (Security Only)		 Important Information Disclosure 5018457
 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows Server 2012 R2 5020023 (Monthly Rollup)
5020010 (Security Only)		 Important Information Disclosure 5018474
 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows Server 2012 R2 (Server Core installation) 5020023 (Monthly Rollup)
5020010 (Security Only)		 Important Information Disclosure 5018474
 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows Server 2016 5019964 (Security Update) Important Information Disclosure 5018411 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows Server 2016 (Server Core installation) 5019964 (Security Update) Important Information Disclosure 5018411 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows Server 2019 5019966 (Security Update) Important Information Disclosure 5018419
 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows Server 2019 (Server Core installation) 5019966 (Security Update) Important Information Disclosure 5018419
 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows Server 2022 5019081 (Security Update) Important Information Disclosure 5018421 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows Server 2022 (Server Core installation) 5019081 (Security Update) Important Information Disclosure 5018421 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows Server 2022 Datacenter: Azure Edition (Hotpatch) 5019080 (Security Hotpatch Update) Important Information Disclosure 5016060 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2022-41097 Yuki Chen with Cyber KunLun

CVE-2022-41055 - Windows Human Interface Device Information Disclosure Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-41055
MITRE
NVD		 CVE Title: Windows Human Interface Device Information Disclosure Vulnerability
CVSS:

CVSS:3.1 5.5/4.8
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityNone
AvailabilityNone
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

What type of information could be disclosed by this vulnerability?

The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2022-11-08T08:00:00    

Information published.


 Important Information Disclosure

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation More Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-41055
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 Version 1809 for 32-bit Systems 5019966 (Security Update) Important Information Disclosure 5018419
 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1809 for ARM64-based Systems 5019966 (Security Update) Important Information Disclosure 5018419
 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1809 for x64-based Systems 5019966 (Security Update) Important Information Disclosure 5018419
 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows 10 Version 20H2 for 32-bit Systems 5019959 (Security Update) Important Information Disclosure
5018410		 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows 10 Version 20H2 for ARM64-based Systems 5019959 (Security Update) Important Information Disclosure
5018410		 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows 10 Version 20H2 for x64-based Systems 5019959 (Security Update) Important Information Disclosure
5018410		 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H1 for 32-bit Systems 5019959 (Security Update) Important Information Disclosure 5018410
 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H1 for ARM64-based Systems 5019959 (Security Update) Important Information Disclosure 5018410
 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H1 for x64-based Systems 5019959 (Security Update) Important Information Disclosure 5018410
 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H2 for 32-bit Systems 5019959 (Security Update) Important Information Disclosure 5018410
 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H2 for ARM64-based Systems 5019959 (Security Update) Important Information Disclosure
5018410		 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H2 for x64-based Systems 5019959 (Security Update) Important Information Disclosure
5018410		 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows 10 Version 22H2 for 32-bit Systems 5019959 (Security Update) Important Information Disclosure Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows 10 Version 22H2 for ARM64-based Systems 5019959 (Security Update) Important Information Disclosure Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows 10 Version 22H2 for x64-based Systems 5019959 (Security Update) Important Information Disclosure Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows 11 for ARM64-based Systems 5019961 (Security Update) Important Information Disclosure 5018418 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows 11 for x64-based Systems 5019961 (Security Update) Important Information Disclosure 5018418 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows 11 Version 22H2 for ARM64-based Systems 5019980 (Security Update) Important Information Disclosure 5018427
 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows 11 Version 22H2 for x64-based Systems 5019980 (Security Update) Important Information Disclosure 5018427
 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows Server 2019 5019966 (Security Update) Important Information Disclosure 5018419
 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows Server 2019 (Server Core installation) 5019966 (Security Update) Important Information Disclosure 5018419
 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows Server 2022 5019081 (Security Update) Important Information Disclosure 5018421 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows Server 2022 (Server Core installation) 5019081 (Security Update) Important Information Disclosure 5018421 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows Server 2022 Datacenter: Azure Edition (Hotpatch) 5019080 (Security Hotpatch Update) Important Information Disclosure 5016060 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2022-41055 Troy532

CVE-2022-41098 - Windows GDI+ Information Disclosure Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-41098
MITRE
NVD		 CVE Title: Windows GDI+ Information Disclosure Vulnerability
CVSS:

CVSS:3.1 5.5/4.8
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredNone
User InteractionRequired
ScopeUnchanged
ConfidentialityHigh
IntegrityNone
AvailabilityNone
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?

Exploitation of the vulnerability requires that a user open a specially crafted file.

  • In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file.
  • In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability.

An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.


What type of information could be disclosed by this vulnerability?

An attacker who successfully exploited the vulnerability could potentially read small portions of heap memory.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2022-11-08T08:00:00    

Information published.


 Important Information Disclosure

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-41098
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5019970 (Security Update) Important Information Disclosure 5018425 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows 10 for x64-based Systems 5019970 (Security Update) Important Information Disclosure 5018425 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1607 for 32-bit Systems 5019964 (Security Update) Important Information Disclosure 5018411 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1607 for x64-based Systems 5019964 (Security Update) Important Information Disclosure 5018411 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1809 for 32-bit Systems 5019966 (Security Update) Important Information Disclosure 5018419
 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1809 for ARM64-based Systems 5019966 (Security Update) Important Information Disclosure 5018419
 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1809 for x64-based Systems 5019966 (Security Update) Important Information Disclosure 5018419
 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows 10 Version 20H2 for 32-bit Systems 5019959 (Security Update) Important Information Disclosure
5018410		 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows 10 Version 20H2 for ARM64-based Systems 5019959 (Security Update) Important Information Disclosure
5018410		 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows 10 Version 20H2 for x64-based Systems 5019959 (Security Update) Important Information Disclosure
5018410		 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H1 for 32-bit Systems 5019959 (Security Update) Important Information Disclosure 5018410
 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H1 for ARM64-based Systems 5019959 (Security Update) Important Information Disclosure 5018410
 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H1 for x64-based Systems 5019959 (Security Update) Important Information Disclosure 5018410
 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H2 for 32-bit Systems 5019959 (Security Update) Important Information Disclosure 5018410
 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H2 for ARM64-based Systems 5019959 (Security Update) Important Information Disclosure
5018410		 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H2 for x64-based Systems 5019959 (Security Update) Important Information Disclosure
5018410		 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows 10 Version 22H2 for 32-bit Systems 5019959 (Security Update) Important Information Disclosure Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows 10 Version 22H2 for ARM64-based Systems 5019959 (Security Update) Important Information Disclosure Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows 10 Version 22H2 for x64-based Systems 5019959 (Security Update) Important Information Disclosure Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows 11 for ARM64-based Systems 5019961 (Security Update) Important Information Disclosure 5018418 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows 11 for x64-based Systems 5019961 (Security Update) Important Information Disclosure 5018418 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows 11 Version 22H2 for ARM64-based Systems 5019980 (Security Update) Important Information Disclosure 5018427
 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows 11 Version 22H2 for x64-based Systems 5019980 (Security Update) Important Information Disclosure 5018427
 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows 7 for 32-bit Systems Service Pack 1 5020000 (Monthly Rollup)
5020013 (Security Only)		 Important Information Disclosure 5018454
 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows 7 for x64-based Systems Service Pack 1 5020000 (Monthly Rollup)
5020013 (Security Only)		 Important Information Disclosure 5018454
 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows 8.1 for 32-bit systems 5020023 (Monthly Rollup)
5020010 (Security Only)		 Important Information Disclosure 5018474
 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows 8.1 for x64-based systems 5020023 (Monthly Rollup)
5020010 (Security Only)		 Important Information Disclosure 5018474
 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows RT 8.1 5020010 (Security Only) Important Information Disclosure Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 5020019 (Monthly Rollup)
5020005 (Security Only)		 Important Information Disclosure 5018450
 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5020019 (Monthly Rollup)
5020005 (Security Only)		 Important Information Disclosure 5018450
 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows Server 2008 for x64-based Systems Service Pack 2 5020019 (Monthly Rollup)
5020005 (Security Only)		 Important Information Disclosure 5018450
 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5020019 (Monthly Rollup)
5020005 (Security Only)		 Important Information Disclosure 5018450
 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5020000 (Monthly Rollup)
5020013 (Security Only)		 Important Information Disclosure 5018454
 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5020000 (Monthly Rollup)
5020013 (Security Only)		 Important Information Disclosure 5018454
 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows Server 2012 5020009 (Monthly Rollup)
5020003 (Security Only)		 Important Information Disclosure 5018457
 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows Server 2012 (Server Core installation) 5020009 (Monthly Rollup)
5020003 (Security Only)		 Important Information Disclosure 5018457
 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows Server 2012 R2 5020023 (Monthly Rollup)
5020010 (Security Only)		 Important Information Disclosure 5018474
 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows Server 2012 R2 (Server Core installation) 5020023 (Monthly Rollup)
5020010 (Security Only)		 Important Information Disclosure 5018474
 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows Server 2016 5019964 (Security Update) Important Information Disclosure 5018411 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows Server 2016 (Server Core installation) 5019964 (Security Update) Important Information Disclosure 5018411 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows Server 2019 5019966 (Security Update) Important Information Disclosure 5018419
 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows Server 2019 (Server Core installation) 5019966 (Security Update) Important Information Disclosure 5018419
 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows Server 2022 5019081 (Security Update) Important Information Disclosure 5018421 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows Server 2022 (Server Core installation) 5019081 (Security Update) Important Information Disclosure 5018421 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows Server 2022 Datacenter: Azure Edition (Hotpatch) 5019080 (Security Hotpatch Update) Important Information Disclosure 5016060 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2022-41098 Bing Sun

CVE-2022-41056 - Network Policy Server (NPS) RADIUS Protocol Denial of Service Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-41056
MITRE
NVD		 CVE Title: Network Policy Server (NPS) RADIUS Protocol Denial of Service Vulnerability
CVSS:

CVSS:3.1 7.5/6.5
Base score metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredNone
User InteractionNone
ScopeUnchanged
ConfidentialityNone
IntegrityNone
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2022-11-08T08:00:00    

Information published.


 Important Denial of Service

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-41056
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5019970 (Security Update) Important Denial of Service 5018425 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 for x64-based Systems 5019970 (Security Update) Important Denial of Service 5018425 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1607 for 32-bit Systems 5019964 (Security Update) Important Denial of Service 5018411 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1607 for x64-based Systems 5019964 (Security Update) Important Denial of Service 5018411 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1809 for 32-bit Systems 5019966 (Security Update) Important Denial of Service 5018419
 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1809 for ARM64-based Systems 5019966 (Security Update) Important Denial of Service 5018419
 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1809 for x64-based Systems 5019966 (Security Update) Important Denial of Service 5018419
 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 20H2 for 32-bit Systems 5019959 (Security Update) Important Denial of Service
5018410		 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 20H2 for ARM64-based Systems 5019959 (Security Update) Important Denial of Service
5018410		 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 20H2 for x64-based Systems 5019959 (Security Update) Important Denial of Service
5018410		 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H1 for 32-bit Systems 5019959 (Security Update) Important Denial of Service 5018410
 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H1 for ARM64-based Systems 5019959 (Security Update) Important Denial of Service 5018410
 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H1 for x64-based Systems 5019959 (Security Update) Important Denial of Service 5018410
 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H2 for 32-bit Systems 5019959 (Security Update) Important Denial of Service 5018410
 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H2 for ARM64-based Systems 5019959 (Security Update) Important Denial of Service
5018410		 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H2 for x64-based Systems 5019959 (Security Update) Important Denial of Service
5018410		 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 22H2 for 32-bit Systems 5019959 (Security Update) Important Denial of Service Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 22H2 for ARM64-based Systems 5019959 (Security Update) Important Denial of Service Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 22H2 for x64-based Systems 5019959 (Security Update) Important Denial of Service Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 11 for ARM64-based Systems 5019961 (Security Update) Important Denial of Service 5018418 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 11 for x64-based Systems 5019961 (Security Update) Important Denial of Service 5018418 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 11 Version 22H2 for ARM64-based Systems 5019980 (Security Update) Important Denial of Service 5018427
 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 11 Version 22H2 for x64-based Systems 5019980 (Security Update) Important Denial of Service 5018427
 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 7 for 32-bit Systems Service Pack 1 5020000 (Monthly Rollup)
5020013 (Security Only)		 Important Denial of Service 5018454
 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 7 for x64-based Systems Service Pack 1 5020000 (Monthly Rollup)
5020013 (Security Only)		 Important Denial of Service 5018454
 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 8.1 for 32-bit systems 5020023 (Monthly Rollup)
5020010 (Security Only)		 Important Denial of Service 5018474
 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 8.1 for x64-based systems 5020023 (Monthly Rollup)
5020010 (Security Only)		 Important Denial of Service 5018474
 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows RT 8.1 5020010 (Security Only) Important Denial of Service Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 5020019 (Monthly Rollup)
5020005 (Security Only)		 Important Denial of Service 5018450
 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5020019 (Monthly Rollup)
5020005 (Security Only)		 Important Denial of Service 5018450
 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2008 for x64-based Systems Service Pack 2 5020019 (Monthly Rollup)
5020005 (Security Only)		 Important Denial of Service 5018450
 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5020019 (Monthly Rollup)
5020005 (Security Only)		 Important Denial of Service 5018450
 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5020000 (Monthly Rollup)
5020013 (Security Only)		 Important Denial of Service 5018454
 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5020000 (Monthly Rollup)
5020013 (Security Only)		 Important Denial of Service 5018454
 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2012 5020009 (Monthly Rollup)
5020003 (Security Only)		 Important Denial of Service 5018457
 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2012 (Server Core installation) 5020009 (Monthly Rollup)
5020003 (Security Only)		 Important Denial of Service 5018457
 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2012 R2 5020023 (Monthly Rollup)
5020010 (Security Only)		 Important Denial of Service 5018474
 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2012 R2 (Server Core installation) 5020023 (Monthly Rollup)
5020010 (Security Only)		 Important Denial of Service 5018474
 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2016 5019964 (Security Update) Important Denial of Service 5018411 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2016 (Server Core installation) 5019964 (Security Update) Important Denial of Service 5018411 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2019 5019966 (Security Update) Important Denial of Service 5018419
 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2019 (Server Core installation) 5019966 (Security Update) Important Denial of Service 5018419
 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2022 5019081 (Security Update) Important Denial of Service 5018421 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2022 (Server Core installation) 5019081 (Security Update) Important Denial of Service 5018421 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2022 Datacenter: Azure Edition (Hotpatch) 5019080 (Security Hotpatch Update) Important Denial of Service 5016060 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2022-41056 Yuki Chen with Cyber KunLun

CVE-2022-41099 - BitLocker Security Feature Bypass Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-41099
MITRE
NVD		 CVE Title: BitLocker Security Feature Bypass Vulnerability
CVSS:

CVSS:3.1 4.6/4.0
Base score metrics
Attack VectorPhysical
Attack ComplexityLow
Privileges RequiredNone
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityNone
AvailabilityNone
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

What security feature is bypassed with this vulnerability?

A successful attacker could bypass the BitLocker Device Encryption feature on the system storage device. An attacker with physical access to the target could exploit this vulnerability to gain access to encrypted data.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2022-11-08T08:00:00    

Information published.


 Important Security Feature Bypass

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-41099
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5019970 (Security Update) Important Security Feature Bypass 5018425 Base: 4.6
Temporal: 4.0
Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows 10 for x64-based Systems 5019970 (Security Update) Important Security Feature Bypass 5018425 Base: 4.6
Temporal: 4.0
Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1607 for 32-bit Systems 5019964 (Security Update) Important Security Feature Bypass 5018411 Base: 4.6
Temporal: 4.0
Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1607 for x64-based Systems 5019964 (Security Update) Important Security Feature Bypass 5018411 Base: 4.6
Temporal: 4.0
Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1809 for 32-bit Systems 5019966 (Security Update) Important Security Feature Bypass 5018419
 Base: 4.6
Temporal: 4.0
Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1809 for ARM64-based Systems 5019966 (Security Update) Important Security Feature Bypass 5018419
 Base: 4.6
Temporal: 4.0
Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1809 for x64-based Systems 5019966 (Security Update) Important Security Feature Bypass 5018419
 Base: 4.6
Temporal: 4.0
Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows 10 Version 20H2 for 32-bit Systems 5019959 (Security Update) Important Security Feature Bypass
5018410		 Base: 4.6
Temporal: 4.0
Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows 10 Version 20H2 for ARM64-based Systems 5019959 (Security Update) Important Security Feature Bypass
5018410		 Base: 4.6
Temporal: 4.0
Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows 10 Version 20H2 for x64-based Systems 5019959 (Security Update) Important Security Feature Bypass
5018410		 Base: 4.6
Temporal: 4.0
Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H1 for 32-bit Systems 5019959 (Security Update) Important Security Feature Bypass 5018410
 Base: 4.6
Temporal: 4.0
Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H1 for ARM64-based Systems 5019959 (Security Update) Important Security Feature Bypass 5018410
 Base: 4.6
Temporal: 4.0
Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H1 for x64-based Systems 5019959 (Security Update) Important Security Feature Bypass 5018410
 Base: 4.6
Temporal: 4.0
Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H2 for 32-bit Systems 5019959 (Security Update) Important Security Feature Bypass 5018410
 Base: 4.6
Temporal: 4.0
Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H2 for ARM64-based Systems 5019959 (Security Update) Important Security Feature Bypass
5018410		 Base: 4.6
Temporal: 4.0
Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H2 for x64-based Systems 5019959 (Security Update) Important Security Feature Bypass
5018410		 Base: 4.6
Temporal: 4.0
Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows 10 Version 22H2 for 32-bit Systems 5019959 (Security Update) Important Security Feature Bypass Base: 4.6
Temporal: 4.0
Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows 10 Version 22H2 for ARM64-based Systems 5019959 (Security Update) Important Security Feature Bypass Base: 4.6
Temporal: 4.0
Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows 10 Version 22H2 for x64-based Systems 5019959 (Security Update) Important Security Feature Bypass Base: 4.6
Temporal: 4.0
Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows 11 for ARM64-based Systems 5019961 (Security Update) Important Security Feature Bypass 5018418 Base: 4.6
Temporal: 4.0
Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows 11 for x64-based Systems 5019961 (Security Update) Important Security Feature Bypass 5018418 Base: 4.6
Temporal: 4.0
Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows 11 Version 22H2 for ARM64-based Systems 5019980 (Security Update) Important Security Feature Bypass 5018427
 Base: 4.6
Temporal: 4.0
Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows 11 Version 22H2 for x64-based Systems 5019980 (Security Update) Important Security Feature Bypass 5018427
 Base: 4.6
Temporal: 4.0
Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2022-41099 Anonymous

CVE-2022-41057 - Windows HTTP.sys Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-41057
MITRE
NVD		 CVE Title: Windows HTTP.sys Elevation of Privilege Vulnerability
CVSS:

CVSS:3.1 7.8/6.8
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

What privileges could an attacker gain?

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2022-11-08T08:00:00    

Information published.


 Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation More Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-41057
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5019970 (Security Update) Important Elevation of Privilege 5018425 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 for x64-based Systems 5019970 (Security Update) Important Elevation of Privilege 5018425 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1607 for 32-bit Systems 5019964 (Security Update) Important Elevation of Privilege 5018411 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1607 for x64-based Systems 5019964 (Security Update) Important Elevation of Privilege 5018411 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1809 for 32-bit Systems 5019966 (Security Update) Important Elevation of Privilege 5018419
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1809 for ARM64-based Systems 5019966 (Security Update) Important Elevation of Privilege 5018419
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1809 for x64-based Systems 5019966 (Security Update) Important Elevation of Privilege 5018419
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 20H2 for 32-bit Systems 5019959 (Security Update) Important Elevation of Privilege
5018410		 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 20H2 for ARM64-based Systems 5019959 (Security Update) Important Elevation of Privilege
5018410		 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 20H2 for x64-based Systems 5019959 (Security Update) Important Elevation of Privilege
5018410		 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H1 for 32-bit Systems 5019959 (Security Update) Important Elevation of Privilege 5018410
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H1 for ARM64-based Systems 5019959 (Security Update) Important Elevation of Privilege 5018410
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H1 for x64-based Systems 5019959 (Security Update) Important Elevation of Privilege 5018410
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H2 for 32-bit Systems 5019959 (Security Update) Important Elevation of Privilege 5018410
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H2 for ARM64-based Systems 5019959 (Security Update) Important Elevation of Privilege
5018410		 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H2 for x64-based Systems 5019959 (Security Update) Important Elevation of Privilege
5018410		 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 22H2 for 32-bit Systems 5019959 (Security Update) Important Elevation of Privilege Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 22H2 for ARM64-based Systems 5019959 (Security Update) Important Elevation of Privilege Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 22H2 for x64-based Systems 5019959 (Security Update) Important Elevation of Privilege Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 11 for ARM64-based Systems 5019961 (Security Update) Important Elevation of Privilege 5018418 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 11 for x64-based Systems 5019961 (Security Update) Important Elevation of Privilege 5018418 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 11 Version 22H2 for ARM64-based Systems 5019980 (Security Update) Important Elevation of Privilege 5018427
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 11 Version 22H2 for x64-based Systems 5019980 (Security Update) Important Elevation of Privilege 5018427
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 7 for 32-bit Systems Service Pack 1 5020000 (Monthly Rollup)
5020013 (Security Only)		 Important Elevation of Privilege 5018454
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 7 for x64-based Systems Service Pack 1 5020000 (Monthly Rollup)
5020013 (Security Only)		 Important Elevation of Privilege 5018454
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 8.1 for 32-bit systems 5020023 (Monthly Rollup)
5020010 (Security Only)		 Important Elevation of Privilege 5018474
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 8.1 for x64-based systems 5020023 (Monthly Rollup)
5020010 (Security Only)		 Important Elevation of Privilege 5018474
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows RT 8.1 5020010 (Security Only) Important Elevation of Privilege Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 5020019 (Monthly Rollup)
5020005 (Security Only)		 Important Elevation of Privilege 5018450
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5020019 (Monthly Rollup)
5020005 (Security Only)		 Important Elevation of Privilege 5018450
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2008 for x64-based Systems Service Pack 2 5020019 (Monthly Rollup)
5020005 (Security Only)		 Important Elevation of Privilege 5018450
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5020019 (Monthly Rollup)
5020005 (Security Only)		 Important Elevation of Privilege 5018450
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5020000 (Monthly Rollup)
5020013 (Security Only)		 Important Elevation of Privilege 5018454
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5020000 (Monthly Rollup)
5020013 (Security Only)		 Important Elevation of Privilege 5018454
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2012 5020009 (Monthly Rollup)
5020003 (Security Only)		 Important Elevation of Privilege 5018457
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2012 (Server Core installation) 5020009 (Monthly Rollup)
5020003 (Security Only)		 Important Elevation of Privilege 5018457
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2012 R2 5020023 (Monthly Rollup)
5020010 (Security Only)		 Important Elevation of Privilege 5018474
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2012 R2 (Server Core installation) 5020023 (Monthly Rollup)
5020010 (Security Only)		 Important Elevation of Privilege 5018474
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2016 5019964 (Security Update) Important Elevation of Privilege 5018411 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2016 (Server Core installation) 5019964 (Security Update) Important Elevation of Privilege 5018411 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2019 5019966 (Security Update) Important Elevation of Privilege 5018419
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2019 (Server Core installation) 5019966 (Security Update) Important Elevation of Privilege 5018419
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2022 5019081 (Security Update) Important Elevation of Privilege 5018421 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2022 (Server Core installation) 5019081 (Security Update) Important Elevation of Privilege 5018421 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2022 Datacenter: Azure Edition (Hotpatch) 5019080 (Security Hotpatch Update) Important Elevation of Privilege 5016060 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2022-41057 James Forshaw of Google Project Zero

ADV220003 - Microsoft Defense in Depth Update

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
ADV220003
MITRE
NVD		 CVE Title: Microsoft Defense in Depth Update
CVSS:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2022-11-08T08:00:00    

Information published.


 Important Defense in Depth

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

ADV220003
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Microsoft Office 2013 RT Service Pack 1 3191875 (Security Update) Important Defense in Depth None Base: N/A
Temporal: N/A
Vector: N/A
 Maybe
Microsoft Office 2013 Service Pack 1 (32-bit editions) 3191875 (Security Update) Important Defense in Depth None Base: N/A
Temporal: N/A
Vector: N/A
 Maybe
Microsoft Office 2013 Service Pack 1 (64-bit editions) 3191875 (Security Update) Important Defense in Depth None Base: N/A
Temporal: N/A
Vector: N/A
 Maybe
Microsoft Office 2016 (32-bit edition) 3191869 (Security Update) Important Defense in Depth None Base: N/A
Temporal: N/A
Vector: N/A
 Maybe
Microsoft Office 2016 (64-bit edition) 3191869 (Security Update) Important Defense in Depth None Base: N/A
Temporal: N/A
Vector: N/A
 Maybe

Acknowledgements

CVE ID Acknowledgements
ADV220003

CVE-2022-41060 - Microsoft Word Information Disclosure Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-41060
MITRE
NVD		 CVE Title: Microsoft Word Information Disclosure Vulnerability
CVSS:

CVSS:3.1 5.5/4.8
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredNone
User InteractionRequired
ScopeUnchanged
ConfidentialityHigh
IntegrityNone
AvailabilityNone
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

What type of information could be disclosed by this vulnerability?

The type of information that could be disclosed if an attacker successfully exploited this vulnerability is memory layout - the vulnerability allows an attacker to collect information that facilitates predicting addressing of the memory.


Is the Preview Pane an attack vector for this vulnerability?

No, the Preview Pane is not an attack vector.


According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?

Exploitation of the vulnerability requires that a user open a specially crafted file.

  • In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file.
  • In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability.

An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2022-11-08T08:00:00    

Information published.


 Important Information Disclosure

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-41060
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Microsoft 365 Apps for Enterprise for 32-bit Systems Click to Run (Security Update) Important Information Disclosure None Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 No
Microsoft 365 Apps for Enterprise for 64-bit Systems Click to Run (Security Update) Important Information Disclosure None Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 No
Microsoft Office 2019 for 32-bit editions Click to Run (Security Update) Important Information Disclosure None Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 No
Microsoft Office 2019 for 64-bit editions Click to Run (Security Update) Important Information Disclosure None Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 No
Microsoft Office LTSC 2021 for 32-bit editions Click to Run (Security Update) Important Information Disclosure None Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 No
Microsoft Office LTSC 2021 for 64-bit editions Click to Run (Security Update) Important Information Disclosure None Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 No
Microsoft Office Online Server 5002276 (Security Update) Important Information Disclosure 5002228 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Maybe
Microsoft Office Web Apps Server 2013 Service Pack 1 5002261 (Security Update) Important Information Disclosure 5002214 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Maybe
Microsoft SharePoint Enterprise Server 2013 Service Pack 1 5002235 (Security Update) Important Information Disclosure 5002062 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Maybe
Microsoft SharePoint Enterprise Server 2016 5002305 (Security Update) Important Information Disclosure 5002287 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Maybe
Microsoft SharePoint Server 2019 5002294 (Security Update) Important Information Disclosure 5002278 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Maybe
Microsoft Word 2013 RT Service Pack 1 5002217 (Security Update) Important Information Disclosure 5002187 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Maybe
Microsoft Word 2013 Service Pack 1 (32-bit editions) 5002217 (Security Update) Important Information Disclosure 5002187 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Maybe
Microsoft Word 2013 Service Pack 1 (64-bit editions) 5002217 (Security Update) Important Information Disclosure 5002187 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Maybe
Microsoft Word 2016 (32-bit edition) 5002223 (Security Update) Important Information Disclosure 5002184 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Maybe
Microsoft Word 2016 (64-bit edition) 5002223 (Security Update) Important Information Disclosure 5002184 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Maybe
SharePoint Server Subscription Edition Language Pack 5002291 (Security Update) Important Information Disclosure None Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Maybe

Acknowledgements

CVE ID Acknowledgements
CVE-2022-41060 Rocco Calvi (@TecR0c)

CVE-2022-41103 - Microsoft Word Information Disclosure Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-41103
MITRE
NVD		 CVE Title: Microsoft Word Information Disclosure Vulnerability
CVSS:

CVSS:3.1 5.5/4.8
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredNone
User InteractionRequired
ScopeUnchanged
ConfidentialityHigh
IntegrityNone
AvailabilityNone
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

What type of information could be disclosed by this vulnerability?

The type of information that could be disclosed if an attacker successfully exploited this vulnerability is memory layout - the vulnerability allows an attacker to collect information that facilitates predicting addressing of the memory.


Is the Preview Pane an attack vector for this vulnerability?

No, the Preview Pane is not an attack vector.


According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?

Exploitation of the vulnerability requires that a user open a specially crafted file.

  • In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file.
  • In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability.

An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2022-11-08T08:00:00    

Information published.


 Important Information Disclosure

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-41103
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Microsoft 365 Apps for Enterprise for 32-bit Systems Click to Run (Security Update) Important Information Disclosure None Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 No
Microsoft 365 Apps for Enterprise for 64-bit Systems Click to Run (Security Update) Important Information Disclosure None Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 No
Microsoft Office 2019 for 32-bit editions Click to Run (Security Update) Important Information Disclosure None Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 No
Microsoft Office 2019 for 64-bit editions Click to Run (Security Update) Important Information Disclosure None Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 No
Microsoft Office LTSC 2021 for 32-bit editions Click to Run (Security Update) Important Information Disclosure None Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 No
Microsoft Office LTSC 2021 for 64-bit editions Click to Run (Security Update) Important Information Disclosure None Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 No
Microsoft Office Online Server 5002276 (Security Update) Important Information Disclosure 5002228 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Maybe
Microsoft Office Web Apps Server 2013 Service Pack 1 5002261 (Security Update) Important Information Disclosure 5002214 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Maybe
Microsoft SharePoint Enterprise Server 2013 Service Pack 1 5002235 (Security Update) Important Information Disclosure 5002062 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Maybe
Microsoft SharePoint Enterprise Server 2016 5002305 (Security Update) Important Information Disclosure 5002287 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Maybe
Microsoft SharePoint Server 2019 5002294 (Security Update) Important Information Disclosure 5002278 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Maybe
Microsoft SharePoint Server Subscription Edition 5002296 (Security Update) Important Information Disclosure None Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Maybe
Microsoft Word 2013 RT Service Pack 1 5002217 (Security Update) Important Information Disclosure 5002187 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Maybe
Microsoft Word 2013 Service Pack 1 (32-bit editions) 5002217 (Security Update) Important Information Disclosure 5002187 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Maybe
Microsoft Word 2013 Service Pack 1 (64-bit editions) 5002217 (Security Update) Important Information Disclosure 5002187 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Maybe
Microsoft Word 2016 (32-bit edition) 5002223 (Security Update) Important Information Disclosure 5002184 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Maybe
Microsoft Word 2016 (64-bit edition) 5002223 (Security Update) Important Information Disclosure 5002184 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Maybe
SharePoint Server Subscription Edition Language Pack 5002291 (Security Update) Important Information Disclosure None Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Maybe

Acknowledgements

CVE ID Acknowledgements
CVE-2022-41103 Rocco Calvi (@TecR0c)

CVE-2022-41061 - Microsoft Word Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-41061
MITRE
NVD		 CVE Title: Microsoft Word Remote Code Execution Vulnerability
CVSS:

CVSS:3.1 7.8/6.8
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredNone
User InteractionRequired
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

Is the Preview Pane an attack vector for this vulnerability?

No, the Preview Pane is not an attack vector.


Are the updates for the Microsoft Office for Mac currently available?

The security update for Microsoft Office 2019 for Mac and Microsoft Office LTSC for Mac 2021 are not immediately available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information.


According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?

The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.

For example, when the score indicates that the Attack Vector is Local and User Interaction is Required, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2022-11-08T08:00:00    

Information published.


 Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-41061
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Microsoft 365 Apps for Enterprise for 32-bit Systems Click to Run (Security Update) Important Remote Code Execution None Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 No
Microsoft 365 Apps for Enterprise for 64-bit Systems Click to Run (Security Update) Important Remote Code Execution None Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 No
Microsoft Office 2019 for Mac Important Remote Code Execution None Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Unknown
Microsoft Office LTSC for Mac 2021 Important Remote Code Execution None Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Unknown
Microsoft Office Online Server 5002276 (Security Update) Important Remote Code Execution 5002228 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Maybe
Microsoft Office Web Apps Server 2013 Service Pack 1 5002261 (Security Update) Important Remote Code Execution 5002214 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Maybe
Microsoft SharePoint Enterprise Server 2013 Service Pack 1 5002235 (Security Update) Important Remote Code Execution 5002062 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Maybe
Microsoft SharePoint Enterprise Server 2016 5002305 (Security Update) Important Remote Code Execution 5002287 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Maybe
Microsoft SharePoint Server 2019 5002294 (Security Update) Important Remote Code Execution 5002278 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Maybe
Microsoft SharePoint Server Subscription Edition 5002296 (Security Update) Important Remote Code Execution None Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Maybe
Microsoft Word 2013 RT Service Pack 1 5002217 (Security Update) Important Remote Code Execution 5002187 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Maybe
Microsoft Word 2013 Service Pack 1 (32-bit editions) 5002217 (Security Update) Important Remote Code Execution 5002187 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Maybe
Microsoft Word 2013 Service Pack 1 (64-bit editions) 5002217 (Security Update) Important Remote Code Execution 5002187 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Maybe
Microsoft Word 2016 (32-bit edition) 5002223 (Security Update) Important Remote Code Execution 5002184 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Maybe
Microsoft Word 2016 (64-bit edition) 5002223 (Security Update) Important Remote Code Execution 5002184 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Maybe
SharePoint Server Subscription Edition Language Pack 5002291 (Security Update) Important Remote Code Execution None Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Maybe

Acknowledgements

CVE ID Acknowledgements
CVE-2022-41061 Rocco Calvi (@TecR0c)

CVE-2022-41104 - Microsoft Excel Security Feature Bypass Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-41104
MITRE
NVD		 CVE Title: Microsoft Excel Security Feature Bypass Vulnerability
CVSS:

CVSS:3.1 5.5/4.8
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredNone
User InteractionRequired
ScopeUnchanged
ConfidentialityHigh
IntegrityNone
AvailabilityNone
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

Is the Preview Pane an attack vector for this vulnerability?

No, the Preview Pane is not an attack vector.


According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?

Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Excel.

  • In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file.
  • In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability.

An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.


What Security Feature might be bypassed by this vulnerability

The INDIRECT function's enable content check could be bypassed when exploited by this vulnerability.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2022-11-08T08:00:00    

Information published.


 Important Security Feature Bypass

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-41104
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Microsoft 365 Apps for Enterprise for 32-bit Systems Click to Run (Security Update) Important Security Feature Bypass None Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 No
Microsoft 365 Apps for Enterprise for 64-bit Systems Click to Run (Security Update) Important Security Feature Bypass None Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 No
Microsoft Excel 2013 RT Service Pack 1 5002275 (Security Update) Important Security Feature Bypass 5002242 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Maybe
Microsoft Excel 2013 Service Pack 1 (32-bit editions) 5002275 (Security Update) Important Security Feature Bypass 5002242 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Maybe
Microsoft Excel 2013 Service Pack 1 (64-bit editions) 5002275 (Security Update) Important Security Feature Bypass 5002242 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Maybe
Microsoft Excel 2016 (32-bit edition) 5002253 (Security Update) Important Security Feature Bypass 5002232 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Maybe
Microsoft Excel 2016 (64-bit edition) 5002253 (Security Update) Important Security Feature Bypass 5002232 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Maybe
Microsoft Office 2019 for 32-bit editions Click to Run (Security Update) Important Security Feature Bypass None Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 No
Microsoft Office 2019 for 64-bit editions Click to Run (Security Update) Important Security Feature Bypass None Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 No
Microsoft Office LTSC 2021 for 32-bit editions Click to Run (Security Update) Important Security Feature Bypass None Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 No
Microsoft Office LTSC 2021 for 64-bit editions Click to Run (Security Update) Important Security Feature Bypass None Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 No

Acknowledgements

CVE ID Acknowledgements
CVE-2022-41104 jdgregson

CVE-2022-41105 - Microsoft Excel Information Disclosure Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-41105
MITRE
NVD		 CVE Title: Microsoft Excel Information Disclosure Vulnerability
CVSS:

CVSS:3.1 5.5/4.8
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredNone
User InteractionRequired
ScopeUnchanged
ConfidentialityHigh
IntegrityNone
AvailabilityNone
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

What type of information could be disclosed by this vulnerability?

The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory.


Is the Preview Pane an attack vector for this vulnerability?

No, the Preview Pane is not an attack vector.


According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is information disclosure?

The attack itself is carried out locally. For example, when the score indicates that the Attack Vector is Local and User Interaction is Required, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer which could leak data.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2022-11-08T08:00:00    

Information published.


 Important Information Disclosure

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-41105
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Microsoft 365 Apps for Enterprise for 32-bit Systems Click to Run (Security Update) Important Information Disclosure None Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 No
Microsoft 365 Apps for Enterprise for 64-bit Systems Click to Run (Security Update) Important Information Disclosure None Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 No
Microsoft Office 2019 for 32-bit editions Click to Run (Security Update) Important Information Disclosure None Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 No
Microsoft Office 2019 for 64-bit editions Click to Run (Security Update) Important Information Disclosure None Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 No
Microsoft Office LTSC 2021 for 32-bit editions Click to Run (Security Update) Important Information Disclosure None Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 No
Microsoft Office LTSC 2021 for 64-bit editions Click to Run (Security Update) Important Information Disclosure None Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 No

Acknowledgements

CVE ID Acknowledgements
CVE-2022-41105 Rocco Calvi (@TecR0c) with TecSecurity

CVE-2022-41062 - Microsoft SharePoint Server Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-41062
MITRE
NVD		 CVE Title: Microsoft SharePoint Server Remote Code Execution Vulnerability
CVSS:

CVSS:3.1 8.8/7.7
Base score metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

I am running SharePoint Enterprise Server 2013 Service Pack 1. Do I need to install both updates that are listed for SharePoint Enterprise Server 2013 Service Pack 1?

No. The Cumulative update for SharePoint Server 2013 includes the update for Foundation Server 2013. Customers running SharePoint Server 2013 Service Pack 1 can install the cumulative update or the security update, which is the same update as for Foundation Server 2013.

Please note that this is a clarification of the existing servicing model for SharePoint Server 2013 and applies for all previous updates.


According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?

The attacker must be authenticated to the target site as at least a Site Member.


How could an attacker exploit the vulnerability?

In a network-based attack, an authenticated attacker as at least a Site Member could execute code remotely on the SharePoint Server.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2022-11-08T08:00:00    

Information published.


 Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-41062
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Microsoft SharePoint Enterprise Server 2013 Service Pack 1 5002302 (Cumulative Update)
5002303 (Security Update)		 Important Remote Code Execution 5002283
5002284		 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Maybe
Microsoft SharePoint Enterprise Server 2016 5002305 (Security Update) Important Remote Code Execution 5002287 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Maybe
Microsoft SharePoint Foundation 2013 Service Pack 1 5002303 (Security Update) Important Remote Code Execution 5002284 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Maybe
Microsoft SharePoint Server 2019 5002294 (Security Update) Important Remote Code Execution 5002278 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Maybe
Microsoft SharePoint Server Subscription Edition 5002296 (Security Update) Important Remote Code Execution None Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Maybe

Acknowledgements

CVE ID Acknowledgements
CVE-2022-41062 Anonymous

CVE-2022-41106 - Microsoft Excel Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-41106
MITRE
NVD		 CVE Title: Microsoft Excel Remote Code Execution Vulnerability
CVSS:

CVSS:3.1 7.8/6.8
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredNone
User InteractionRequired
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

Is the Preview Pane an attack vector for this vulnerability?

No, the Preview Pane is not an attack vector.


According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?

The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.

For example, when the score indicates that the Attack Vector is Local and User Interaction is Required, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2022-11-08T08:00:00    

Information published.


 Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-41106
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Microsoft 365 Apps for Enterprise for 32-bit Systems Click to Run (Security Update) Important Remote Code Execution None Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 No
Microsoft 365 Apps for Enterprise for 64-bit Systems Click to Run (Security Update) Important Remote Code Execution None Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 No
Microsoft Excel 2013 RT Service Pack 1 5002275 (Security Update) Important Remote Code Execution 5002242 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Maybe
Microsoft Excel 2013 Service Pack 1 (32-bit editions) 5002275 (Security Update) Important Remote Code Execution 5002242 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Maybe
Microsoft Excel 2013 Service Pack 1 (64-bit editions) 5002275 (Security Update) Important Remote Code Execution 5002242 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Maybe
Microsoft Excel 2016 (32-bit edition) 5002253 (Security Update) Important Remote Code Execution 5002232 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Maybe
Microsoft Excel 2016 (64-bit edition) 5002253 (Security Update) Important Remote Code Execution 5002232 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Maybe
Microsoft Office 2019 for 32-bit editions Click to Run (Security Update) Important Remote Code Execution None Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 No
Microsoft Office 2019 for 64-bit editions Click to Run (Security Update) Important Remote Code Execution None Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 No
Microsoft Office LTSC 2021 for 32-bit editions Click to Run (Security Update) Important Remote Code Execution None Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 No
Microsoft Office LTSC 2021 for 64-bit editions Click to Run (Security Update) Important Remote Code Execution None Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 No
Microsoft Office Online Server 5002276 (Security Update) Important Remote Code Execution 5002228 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Maybe
Microsoft Office Web Apps Server 2013 Service Pack 1 5002261 (Security Update) Important Remote Code Execution 5002214 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Maybe

Acknowledgements

CVE ID Acknowledgements
CVE-2022-41106 Marcin "Icewall" Noga of Cisco Talos with Cisco Talos

CVE-2022-41063 - Microsoft Excel Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-41063
MITRE
NVD		 CVE Title: Microsoft Excel Remote Code Execution Vulnerability
CVSS:

CVSS:3.1 7.8/6.8
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredNone
User InteractionRequired
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

Is the Preview Pane an attack vector for this vulnerability?

No, the Preview Pane is not an attack vector.


According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?

The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.

For example, when the score indicates that the Attack Vector is Local and User Interaction is Required, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2022-11-08T08:00:00    

Information published.


 Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-41063
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Microsoft 365 Apps for Enterprise for 32-bit Systems Click to Run (Security Update) Important Remote Code Execution None Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 No
Microsoft 365 Apps for Enterprise for 64-bit Systems Click to Run (Security Update) Important Remote Code Execution None Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 No
Microsoft Excel 2013 RT Service Pack 1 5002275 (Security Update) Important Remote Code Execution 5002242 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Maybe
Microsoft Excel 2013 Service Pack 1 (32-bit editions) 5002275 (Security Update) Important Remote Code Execution 5002242 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Maybe
Microsoft Excel 2013 Service Pack 1 (64-bit editions) 5002275 (Security Update) Important Remote Code Execution 5002242 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Maybe
Microsoft Excel 2016 (32-bit edition) 5002253 (Security Update) Important Remote Code Execution 5002232 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Maybe
Microsoft Excel 2016 (64-bit edition) 5002253 (Security Update) Important Remote Code Execution 5002232 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Maybe
Microsoft Office 2019 for 32-bit editions Click to Run (Security Update) Important Remote Code Execution None Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 No
Microsoft Office 2019 for 64-bit editions Click to Run (Security Update) Important Remote Code Execution None Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 No
Microsoft Office LTSC 2021 for 32-bit editions Click to Run (Security Update) Important Remote Code Execution None Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 No
Microsoft Office LTSC 2021 for 64-bit editions Click to Run (Security Update) Important Remote Code Execution None Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 No
Microsoft Office Online Server 5002276 (Security Update) Important Remote Code Execution 5002228 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Maybe
Microsoft Office Web Apps Server 2013 Service Pack 1 5002261 (Security Update) Important Remote Code Execution 5002214 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Maybe

Acknowledgements

CVE ID Acknowledgements
CVE-2022-41063 Rocco Calvi (@TecR0c) with TecSecurity

CVE-2022-41107 - Microsoft Office Graphics Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-41107
MITRE
NVD		 CVE Title: Microsoft Office Graphics Remote Code Execution Vulnerability
CVSS:

CVSS:3.1 7.8/6.8
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredNone
User InteractionRequired
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

Is the Preview Pane an attack vector for this vulnerability?

No, the Preview Pane is not an attack vector.


According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?

The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.

For example, when the score indicates that the Attack Vector is Local and User Interaction is Required, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2022-11-08T08:00:00    

Information published.


 Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-41107
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Microsoft 365 Apps for Enterprise for 32-bit Systems Click to Run (Security Update) Important Remote Code Execution None Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 No
Microsoft 365 Apps for Enterprise for 64-bit Systems Click to Run (Security Update) Important Remote Code Execution None Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 No
Microsoft Office 2019 for 32-bit editions Click to Run (Security Update) Important Remote Code Execution None Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 No
Microsoft Office 2019 for 64-bit editions Click to Run (Security Update) Important Remote Code Execution None Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 No
Microsoft Office 2019 for Mac Important Remote Code Execution None Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Unknown
Microsoft Office LTSC 2021 for 32-bit editions Click to Run (Security Update) Important Remote Code Execution None Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 No
Microsoft Office LTSC 2021 for 64-bit editions Click to Run (Security Update) Important Remote Code Execution None Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 No
Microsoft Office LTSC for Mac 2021 Important Remote Code Execution None Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Unknown

Acknowledgements

CVE ID Acknowledgements
CVE-2022-41107 Mat Powell & Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative

CVE-2022-41109 - Windows Win32k Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-41109
MITRE
NVD		 CVE Title: Windows Win32k Elevation of Privilege Vulnerability
CVSS:

CVSS:3.1 7.8/6.8
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

What privileges could an attacker gain?

An attacker who successfully exploited this vulnerability could gain specific limited SYSTEM privileges.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2022-11-08T08:00:00    

Information published.


 Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation More Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-41109
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5019970 (Security Update) Important Elevation of Privilege 5018425 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 for x64-based Systems 5019970 (Security Update) Important Elevation of Privilege 5018425 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1607 for 32-bit Systems 5019964 (Security Update) Important Elevation of Privilege 5018411 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1607 for x64-based Systems 5019964 (Security Update) Important Elevation of Privilege 5018411 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1809 for 32-bit Systems 5019966 (Security Update) Important Elevation of Privilege 5018419
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1809 for ARM64-based Systems 5019966 (Security Update) Important Elevation of Privilege 5018419
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1809 for x64-based Systems 5019966 (Security Update) Important Elevation of Privilege 5018419
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 20H2 for 32-bit Systems 5019959 (Security Update) Important Elevation of Privilege
5018410		 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 20H2 for ARM64-based Systems 5019959 (Security Update) Important Elevation of Privilege
5018410		 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 20H2 for x64-based Systems 5019959 (Security Update) Important Elevation of Privilege
5018410		 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H1 for 32-bit Systems 5019959 (Security Update) Important Elevation of Privilege 5018410
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H1 for ARM64-based Systems 5019959 (Security Update) Important Elevation of Privilege 5018410
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H1 for x64-based Systems 5019959 (Security Update) Important Elevation of Privilege 5018410
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H2 for 32-bit Systems 5019959 (Security Update) Important Elevation of Privilege 5018410
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H2 for ARM64-based Systems 5019959 (Security Update) Important Elevation of Privilege
5018410		 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H2 for x64-based Systems 5019959 (Security Update) Important Elevation of Privilege
5018410		 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 22H2 for 32-bit Systems 5019959 (Security Update) Important Elevation of Privilege Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 22H2 for ARM64-based Systems 5019959 (Security Update) Important Elevation of Privilege Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 22H2 for x64-based Systems 5019959 (Security Update) Important Elevation of Privilege Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 11 for ARM64-based Systems 5019961 (Security Update) Important Elevation of Privilege 5018418 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 11 for x64-based Systems 5019961 (Security Update) Important Elevation of Privilege 5018418 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 11 Version 22H2 for ARM64-based Systems 5019980 (Security Update) Important Elevation of Privilege 5018427
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 11 Version 22H2 for x64-based Systems 5019980 (Security Update) Important Elevation of Privilege 5018427
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 7 for 32-bit Systems Service Pack 1 5020000 (Monthly Rollup)
5020013 (Security Only)		 Important Elevation of Privilege 5018454
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 7 for x64-based Systems Service Pack 1 5020000 (Monthly Rollup)
5020013 (Security Only)		 Important Elevation of Privilege 5018454
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 8.1 for 32-bit systems 5020023 (Monthly Rollup)
5020010 (Security Only)		 Important Elevation of Privilege 5018474
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 8.1 for x64-based systems 5020023 (Monthly Rollup)
5020010 (Security Only)		 Important Elevation of Privilege 5018474
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows RT 8.1 5020010 (Security Only) Important Elevation of Privilege Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 5020019 (Monthly Rollup)
5020005 (Security Only)		 Important Elevation of Privilege 5018450
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5020019 (Monthly Rollup)
5020005 (Security Only)		 Important Elevation of Privilege 5018450
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2008 for x64-based Systems Service Pack 2 5020019 (Monthly Rollup)
5020005 (Security Only)		 Important Elevation of Privilege 5018450
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5020019 (Monthly Rollup)
5020005 (Security Only)		 Important Elevation of Privilege 5018450
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5020000 (Monthly Rollup)
5020013 (Security Only)		 Important Elevation of Privilege 5018454
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5020000 (Monthly Rollup)
5020013 (Security Only)		 Important Elevation of Privilege 5018454
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2012 5020009 (Monthly Rollup)
5020003 (Security Only)		 Important Elevation of Privilege 5018457
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2012 (Server Core installation) 5020009 (Monthly Rollup)
5020003 (Security Only)		 Important Elevation of Privilege 5018457
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2012 R2 5020023 (Monthly Rollup)
5020010 (Security Only)		 Important Elevation of Privilege 5018474
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2012 R2 (Server Core installation) 5020023 (Monthly Rollup)
5020010 (Security Only)		 Important Elevation of Privilege 5018474
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2016 5019964 (Security Update) Important Elevation of Privilege 5018411 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2016 (Server Core installation) 5019964 (Security Update) Important Elevation of Privilege 5018411 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2019 5019966 (Security Update) Important Elevation of Privilege 5018419
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2019 (Server Core installation) 5019966 (Security Update) Important Elevation of Privilege 5018419
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2022 5019081 (Security Update) Important Elevation of Privilege 5018421 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2022 (Server Core installation) 5019081 (Security Update) Important Elevation of Privilege 5018421 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2022 Datacenter: Azure Edition (Hotpatch) 5019080 (Security Hotpatch Update) Important Elevation of Privilege 5016060 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2022-41109 Yongil Lee with SSD Secure Disclosure

CVE-2022-41066 - Microsoft Business Central Information Disclosure Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-41066
MITRE
NVD		 CVE Title: Microsoft Business Central Information Disclosure Vulnerability
CVSS:

CVSS:3.1 4.4/3.9
Base score metrics
Attack VectorNetwork
Attack ComplexityHigh
Privileges RequiredHigh
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityNone
AvailabilityNone
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment of the targeted component.


According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.


According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability?

Successful exploitation of this vulnerability requires an attacker to compromise admin credentials on the device.


What type of information could be disclosed by this vulnerability?

An attacker who successfully exploited this vulnerability could use it to view integration secrets that are owned by a different partner.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2022-11-08T08:00:00    

Information published.


 Important Information Disclosure

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-41066
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Microsoft Dynamics 365 Business Central 2022 Release Wave 1 5021002 (Security Update) Important Information Disclosure None Base: 4.4
Temporal: 3.9
Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Maybe

Acknowledgements

CVE ID Acknowledgements
CVE-2022-41066

CVE-2022-41113 - Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-41113
MITRE
NVD		 CVE Title: Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability
CVSS:

CVSS:3.1 7.8/6.8
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

What privileges could an attacker gain?

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2022-11-08T08:00:00    

Information published.


 Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation More Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-41113
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 Version 1809 for 32-bit Systems 5019966 (Security Update) Important Elevation of Privilege 5018419
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1809 for ARM64-based Systems 5019966 (Security Update) Important Elevation of Privilege 5018419
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1809 for x64-based Systems 5019966 (Security Update) Important Elevation of Privilege 5018419
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 20H2 for 32-bit Systems 5019959 (Security Update) Important Elevation of Privilege
5018410		 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 20H2 for ARM64-based Systems 5019959 (Security Update) Important Elevation of Privilege
5018410		 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 20H2 for x64-based Systems 5019959 (Security Update) Important Elevation of Privilege
5018410		 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H1 for 32-bit Systems 5019959 (Security Update) Important Elevation of Privilege 5018410
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H1 for ARM64-based Systems 5019959 (Security Update) Important Elevation of Privilege 5018410
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H1 for x64-based Systems 5019959 (Security Update) Important Elevation of Privilege 5018410
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H2 for 32-bit Systems 5019959 (Security Update) Important Elevation of Privilege 5018410
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H2 for ARM64-based Systems 5019959 (Security Update) Important Elevation of Privilege
5018410		 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H2 for x64-based Systems 5019959 (Security Update) Important Elevation of Privilege
5018410		 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 22H2 for 32-bit Systems 5019959 (Security Update) Important Elevation of Privilege Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 22H2 for ARM64-based Systems 5019959 (Security Update) Important Elevation of Privilege Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 22H2 for x64-based Systems 5019959 (Security Update) Important Elevation of Privilege Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 11 for ARM64-based Systems 5019961 (Security Update) Important Elevation of Privilege 5018418 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 11 for x64-based Systems 5019961 (Security Update) Important Elevation of Privilege 5018418 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 11 Version 22H2 for ARM64-based Systems 5019980 (Security Update) Important Elevation of Privilege 5018427
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 11 Version 22H2 for x64-based Systems 5019980 (Security Update) Important Elevation of Privilege 5018427
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2019 5019966 (Security Update) Important Elevation of Privilege 5018419
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2019 (Server Core installation) 5019966 (Security Update) Important Elevation of Privilege 5018419
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2022 5019081 (Security Update) Important Elevation of Privilege 5018421 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2022 (Server Core installation) 5019081 (Security Update) Important Elevation of Privilege 5018421 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2022 Datacenter: Azure Edition (Hotpatch) 5019080 (Security Hotpatch Update) Important Elevation of Privilege 5016060 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2022-41113 Anonymous

CVE-2022-41114 - Windows Bind Filter Driver Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-41114
MITRE
NVD		 CVE Title: Windows Bind Filter Driver Elevation of Privilege Vulnerability
CVSS:

CVSS:3.1 7.0/6.1
Base score metrics
Attack VectorLocal
Attack ComplexityHigh
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

Successful exploitation of this vulnerability requires an attacker to win a race condition.


Upon successful exploitation, what privileges could an attacker gain?

An attacker who successfully exploited this vulnerability could gain administrator privileges.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2022-11-08T08:00:00    

Information published.


 Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-41114
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 Version 20H2 for 32-bit Systems 5019959 (Security Update) Important Elevation of Privilege
5018410		 Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 20H2 for ARM64-based Systems 5019959 (Security Update) Important Elevation of Privilege
5018410		 Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 20H2 for x64-based Systems 5019959 (Security Update) Important Elevation of Privilege
5018410		 Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H1 for 32-bit Systems 5019959 (Security Update) Important Elevation of Privilege 5018410
 Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H1 for ARM64-based Systems 5019959 (Security Update) Important Elevation of Privilege 5018410
 Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H1 for x64-based Systems 5019959 (Security Update) Important Elevation of Privilege 5018410
 Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H2 for 32-bit Systems 5019959 (Security Update) Important Elevation of Privilege 5018410
 Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H2 for ARM64-based Systems 5019959 (Security Update) Important Elevation of Privilege
5018410		 Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H2 for x64-based Systems 5019959 (Security Update) Important Elevation of Privilege
5018410		 Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 22H2 for 32-bit Systems 5019959 (Security Update) Important Elevation of Privilege Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 22H2 for ARM64-based Systems 5019959 (Security Update) Important Elevation of Privilege Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 22H2 for x64-based Systems 5019959 (Security Update) Important Elevation of Privilege Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 11 for ARM64-based Systems 5019961 (Security Update) Important Elevation of Privilege 5018418 Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 11 for x64-based Systems 5019961 (Security Update) Important Elevation of Privilege 5018418 Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 11 Version 22H2 for ARM64-based Systems 5019980 (Security Update) Important Elevation of Privilege 5018427
 Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 11 Version 22H2 for x64-based Systems 5019980 (Security Update) Important Elevation of Privilege 5018427
 Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2022 5019081 (Security Update) Important Elevation of Privilege 5018421 Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2022 (Server Core installation) 5019081 (Security Update) Important Elevation of Privilege 5018421 Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2022 Datacenter: Azure Edition (Hotpatch) 5019080 (Security Hotpatch Update) Important Elevation of Privilege 5016060 Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2022-41114 k0shl with Kunlun Lab

CVE-2022-41116 - Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-41116
MITRE
NVD		 CVE Title: Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerability
CVSS:

CVSS:3.1 5.9/5.2
Base score metrics
Attack VectorNetwork
Attack ComplexityHigh
Privileges RequiredNone
User InteractionNone
ScopeUnchanged
ConfidentialityNone
IntegrityNone
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

Successful exploitation of this vulnerability requires an attacker to win a race condition.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2022-11-08T08:00:00    

Information published.


 Important Denial of Service

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-41116
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 7 for 32-bit Systems Service Pack 1 5020000 (Monthly Rollup)
5020013 (Security Only)		 Important Denial of Service 5018454
 Base: 5.9
Temporal: 5.2
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 7 for x64-based Systems Service Pack 1 5020000 (Monthly Rollup)
5020013 (Security Only)		 Important Denial of Service 5018454
 Base: 5.9
Temporal: 5.2
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5020000 (Monthly Rollup)
5020013 (Security Only)		 Important Denial of Service 5018454
 Base: 5.9
Temporal: 5.2
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5020000 (Monthly Rollup)
5020013 (Security Only)		 Important Denial of Service 5018454
 Base: 5.9
Temporal: 5.2
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2022-41116 Microsoft's Windows Servicing and Delivery Group - Network Security and Containers (NSC) Team

CVE-2022-41073 - Windows Print Spooler Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-41073
MITRE
NVD		 CVE Title: Windows Print Spooler Elevation of Privilege Vulnerability
CVSS:

CVSS:3.1 7.8/6.8
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

What privileges could an attacker gain?

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2022-11-08T08:00:00    

Information published.


 Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Detected No Yes

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-41073
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5019970 (Security Update) Important Elevation of Privilege 5018425 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 for x64-based Systems 5019970 (Security Update) Important Elevation of Privilege 5018425 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1607 for 32-bit Systems 5019964 (Security Update) Important Elevation of Privilege 5018411 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1607 for x64-based Systems 5019964 (Security Update) Important Elevation of Privilege 5018411 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1809 for 32-bit Systems 5019966 (Security Update) Important Elevation of Privilege 5018419
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1809 for ARM64-based Systems 5019966 (Security Update) Important Elevation of Privilege 5018419
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1809 for x64-based Systems 5019966 (Security Update) Important Elevation of Privilege 5018419
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 20H2 for 32-bit Systems 5019959 (Security Update) Important Elevation of Privilege
5018410		 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 20H2 for ARM64-based Systems 5019959 (Security Update) Important Elevation of Privilege
5018410		 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 20H2 for x64-based Systems 5019959 (Security Update) Important Elevation of Privilege
5018410		 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H1 for 32-bit Systems 5019959 (Security Update) Important Elevation of Privilege 5018410
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H1 for ARM64-based Systems 5019959 (Security Update) Important Elevation of Privilege 5018410
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H1 for x64-based Systems 5019959 (Security Update) Important Elevation of Privilege 5018410
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H2 for 32-bit Systems 5019959 (Security Update) Important Elevation of Privilege 5018410
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H2 for ARM64-based Systems 5019959 (Security Update) Important Elevation of Privilege
5018410		 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H2 for x64-based Systems 5019959 (Security Update) Important Elevation of Privilege
5018410		 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 22H2 for 32-bit Systems 5019959 (Security Update) Important Elevation of Privilege Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 22H2 for ARM64-based Systems 5019959 (Security Update) Important Elevation of Privilege Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 22H2 for x64-based Systems 5019959 (Security Update) Important Elevation of Privilege Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 11 for ARM64-based Systems 5019961 (Security Update) Important Elevation of Privilege 5018418 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 11 for x64-based Systems 5019961 (Security Update) Important Elevation of Privilege 5018418 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 11 Version 22H2 for ARM64-based Systems 5019980 (Security Update) Important Elevation of Privilege 5018427
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 11 Version 22H2 for x64-based Systems 5019980 (Security Update) Important Elevation of Privilege 5018427
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 7 for 32-bit Systems Service Pack 1 5020000 (Monthly Rollup)
5020013 (Security Only)		 Important Elevation of Privilege 5018454
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 7 for x64-based Systems Service Pack 1 5020000 (Monthly Rollup)
5020013 (Security Only)		 Important Elevation of Privilege 5018454
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 8.1 for 32-bit systems 5020023 (Monthly Rollup)
5020010 (Security Only)		 Important Elevation of Privilege 5018474
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 8.1 for x64-based systems 5020023 (Monthly Rollup)
5020010 (Security Only)		 Important Elevation of Privilege 5018474
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows RT 8.1 5020010 (Security Only) Important Elevation of Privilege Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 5020019 (Monthly Rollup)
5020005 (Security Only)		 Important Elevation of Privilege 5018450
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5020019 (Monthly Rollup)
5020005 (Security Only)		 Important Elevation of Privilege 5018450
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2008 for x64-based Systems Service Pack 2 5020019 (Monthly Rollup)
5020005 (Security Only)		 Important Elevation of Privilege 5018450
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5020019 (Monthly Rollup)
5020005 (Security Only)		 Important Elevation of Privilege 5018450
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5020000 (Monthly Rollup)
5020013 (Security Only)		 Important Elevation of Privilege 5018454
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5020000 (Monthly Rollup)
5020013 (Security Only)		 Important Elevation of Privilege 5018454
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2012 5020009 (Monthly Rollup)
5020003 (Security Only)		 Important Elevation of Privilege 5018457
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2012 (Server Core installation) 5020009 (Monthly Rollup)
5020003 (Security Only)		 Important Elevation of Privilege 5018457
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2012 R2 5020023 (Monthly Rollup)
5020010 (Security Only)		 Important Elevation of Privilege 5018474
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2012 R2 (Server Core installation) 5020023 (Monthly Rollup)
5020010 (Security Only)		 Important Elevation of Privilege 5018474
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2016 5019964 (Security Update) Important Elevation of Privilege 5018411 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2016 (Server Core installation) 5019964 (Security Update) Important Elevation of Privilege 5018411 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2019 5019966 (Security Update) Important Elevation of Privilege 5018419
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2019 (Server Core installation) 5019966 (Security Update) Important Elevation of Privilege 5018419
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2022 5019081 (Security Update) Important Elevation of Privilege 5018421 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2022 (Server Core installation) 5019081 (Security Update) Important Elevation of Privilege 5018421 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2022 Datacenter: Azure Edition (Hotpatch) 5019080 (Security Hotpatch Update) Important Elevation of Privilege 5016060 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2022-41073 Microsoft Threat Intelligence Center (MSTIC)

CVE-2022-41118 - Windows Scripting Languages Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-41118
MITRE
NVD		 CVE Title: Windows Scripting Languages Remote Code Execution Vulnerability
CVSS:

CVSS:3.1 7.5/6.5
Base score metrics
Attack VectorNetwork
Attack ComplexityHigh
Privileges RequiredNone
User InteractionRequired
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

The Security Updates table indicates that this vulnerability affects all supported versions of Microsoft Windows. Why are IE Cumulative updates listed for Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows Server 2012, Windows 8.1, and Windows Server 2012 R2?

While Microsoft has announced retirement of the Internet Explorer 11 application on certain platforms and the Microsoft Edge Legacy application is deprecated, the underlying MSHTML, EdgeHTML, and scripting platforms are still supported. The MSHTML platform is used by Internet Explorer mode in Microsoft Edge as well as other applications through WebBrowser control. The EdgeHTML platform is used by WebView and some UWP applications. The scripting platforms are used by MSHTML and EdgeHTML but can also be used by other legacy applications. Updates to address vulnerabilities in the MSHTML platform and scripting engine are included in the IE Cumulative Updates; EdgeHTML and Chakra changes are not applicable to those platforms.

To stay fully protected, we recommend that customers who install Security Only updates install the IE Cumulative updates for this vulnerability.


According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?

This vulnerability requires that a user with an affected version of Windows access a malicious server. An attacker would have to host a specially crafted server share or website. An attacker would have no way to force users to visit this specially crafted server share or website, but would have to convince them to visit the server share or website, typically by way of an enticement in an email or chat message.


According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

Successful exploitation of this vulnerability requires an attacker to win a race condition.


The CVE title says Windows Scripting Languages, what does that mean for this vulnerability?

This vulnerability impacts both the JScript9 and Chakra scripting languages.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2022-11-08T08:00:00    

Information published.


 Critical Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation More Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-41118
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5019970 (Security Update) Critical Remote Code Execution 5018425 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 for x64-based Systems 5019970 (Security Update) Critical Remote Code Execution 5018425 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1607 for 32-bit Systems 5019964 (Security Update) Critical Remote Code Execution 5018411 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1607 for x64-based Systems 5019964 (Security Update) Critical Remote Code Execution 5018411 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1809 for 32-bit Systems 5019966 (Security Update) Critical Remote Code Execution 5018419
 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1809 for ARM64-based Systems 5019966 (Security Update) Critical Remote Code Execution 5018419
 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1809 for x64-based Systems 5019966 (Security Update) Critical Remote Code Execution 5018419
 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 20H2 for 32-bit Systems 5019959 (Security Update) Critical Remote Code Execution
5018410		 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 20H2 for ARM64-based Systems 5019959 (Security Update) Critical Remote Code Execution
5018410		 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 20H2 for x64-based Systems 5019959 (Security Update) Critical Remote Code Execution
5018410		 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H1 for 32-bit Systems 5019959 (Security Update) Critical Remote Code Execution
5018410		 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H1 for ARM64-based Systems 5019959 (Security Update) Critical Remote Code Execution
5018410		 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H1 for x64-based Systems 5019959 (Security Update) Critical Remote Code Execution
5018410		 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H2 for 32-bit Systems 5019959 (Security Update) Critical Remote Code Execution
5018410		 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H2 for ARM64-based Systems 5019959 (Security Update) Critical Remote Code Execution 5018410
 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H2 for x64-based Systems 5019959 (Security Update) Critical Remote Code Execution 5018410
 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 22H2 for 32-bit Systems 5019959 (Security Update) Critical Remote Code Execution Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 22H2 for ARM64-based Systems 5019959 (Security Update) Critical Remote Code Execution Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 22H2 for x64-based Systems 5019959 (Security Update) Critical Remote Code Execution Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 11 for ARM64-based Systems 5019961 (Security Update) Critical Remote Code Execution 5018418 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 11 for x64-based Systems 5019961 (Security Update) Critical Remote Code Execution 5018418 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 11 Version 22H2 for ARM64-based Systems 5019980 (Security Update) Critical Remote Code Execution 5018427
 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 11 Version 22H2 for x64-based Systems 5019980 (Security Update) Critical Remote Code Execution 5018427
 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 7 for 32-bit Systems Service Pack 1 5020000 (Monthly Rollup)
5020013 (Security Only)
5019958 (IE Cumulative)		 Critical Remote Code Execution 5018454
 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 7 for x64-based Systems Service Pack 1 5020000 (Monthly Rollup)
5020013 (Security Only)
5019958 (IE Cumulative)		 Critical Remote Code Execution 5018454
 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 8.1 for 32-bit systems 5020023 (Monthly Rollup)
5020010 (Security Only)
5019958 (IE Cumulative)		 Critical Remote Code Execution 5018474
 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 8.1 for x64-based systems 5020023 (Monthly Rollup)
5020010 (Security Only)
5019958 (IE Cumulative)		 Critical Remote Code Execution 5018474
 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows RT 8.1 5020023 (Monthly Rollup) Critical Remote Code Execution
5018474		 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5020000 (Monthly Rollup)
5020013 (Security Only)
5019958 (IE Cumulative)		 Critical Remote Code Execution 5018454
 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2012 R2 5020023 (Monthly Rollup)
5020010 (Security Only)
5019958 (IE Cumulative)		 Critical Remote Code Execution 5018474
 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2016 5019964 (Security Update) Critical Remote Code Execution 5018411 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2019 5019966 (Security Update) Critical Remote Code Execution 5018419
 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2022 5019081 (Security Update) Critical Remote Code Execution 5018421 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2022-41118 Tim Cluff

CVE-2022-41119 - Visual Studio Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-41119
MITRE
NVD		 CVE Title: Visual Studio Remote Code Execution Vulnerability
CVSS:

CVSS:3.1 7.8/6.8
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredNone
User InteractionRequired
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?

The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.

For example, when the score indicates that the Attack Vector is Local and User Interaction is Required, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.


According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?

The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. The vulnerable endpoint is only available over the local VM interface as all external communication is blocked. This means an attacker needs to execute code from the local machine to exploit the vulnerability.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2022-11-08T08:00:00    

Information published.


 Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-41119
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) Release Notes (Security Update) Important Remote Code Execution None Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Maybe
Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) Release Notes (Security Update) Important Remote Code Execution None Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Maybe
Microsoft Visual Studio 2022 version 17.0 Release Notes (Security Update) Important Remote Code Execution None Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Maybe
Microsoft Visual Studio 2022 version 17.2 Release Notes (Security Update) Important Remote Code Execution None Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Maybe
Microsoft Visual Studio 2022 version 17.3 Release Notes (Security Update) Important Remote Code Execution None Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Maybe

Acknowledgements

CVE ID Acknowledgements
CVE-2022-41119 goodbyeselene

CVE-2022-41125 - Windows CNG Key Isolation Service Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-41125
MITRE
NVD		 CVE Title: Windows CNG Key Isolation Service Elevation of Privilege Vulnerability
CVSS:

CVSS:3.1 7.8/6.8
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

What privileges could an attacker gain?

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2022-11-08T08:00:00    

Information published.


 Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Detected No Yes

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-41125
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5019970 (Security Update) Important Elevation of Privilege 5018425 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 for x64-based Systems 5019970 (Security Update) Important Elevation of Privilege 5018425 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1607 for 32-bit Systems 5019964 (Security Update) Important Elevation of Privilege 5018411 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1607 for x64-based Systems 5019964 (Security Update) Important Elevation of Privilege 5018411 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1809 for 32-bit Systems 5019966 (Security Update) Important Elevation of Privilege 5018419
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1809 for ARM64-based Systems 5019966 (Security Update) Important Elevation of Privilege 5018419
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1809 for x64-based Systems 5019966 (Security Update) Important Elevation of Privilege 5018419
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 20H2 for 32-bit Systems 5019959 (Security Update) Important Elevation of Privilege
5018410		 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 20H2 for ARM64-based Systems 5019959 (Security Update) Important Elevation of Privilege
5018410		 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 20H2 for x64-based Systems 5019959 (Security Update) Important Elevation of Privilege
5018410		 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H1 for 32-bit Systems 5019959 (Security Update) Important Elevation of Privilege 5018410
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H1 for ARM64-based Systems 5019959 (Security Update) Important Elevation of Privilege 5018410
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H1 for x64-based Systems 5019959 (Security Update) Important Elevation of Privilege 5018410
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H2 for 32-bit Systems 5019959 (Security Update) Important Elevation of Privilege 5018410
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H2 for ARM64-based Systems 5019959 (Security Update) Important Elevation of Privilege
5018410		 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H2 for x64-based Systems 5019959 (Security Update) Important Elevation of Privilege
5018410		 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 22H2 for 32-bit Systems 5019959 (Security Update) Important Elevation of Privilege Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 22H2 for ARM64-based Systems 5019959 (Security Update) Important Elevation of Privilege Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 22H2 for x64-based Systems 5019959 (Security Update) Important Elevation of Privilege Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 11 for ARM64-based Systems 5019961 (Security Update) Important Elevation of Privilege 5018418 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 11 for x64-based Systems 5019961 (Security Update) Important Elevation of Privilege 5018418 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 11 Version 22H2 for ARM64-based Systems 5019980 (Security Update) Important Elevation of Privilege 5018427
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 11 Version 22H2 for x64-based Systems 5019980 (Security Update) Important Elevation of Privilege 5018427
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 8.1 for 32-bit systems 5020023 (Monthly Rollup)
5020010 (Security Only)		 Important Elevation of Privilege 5018474
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 8.1 for x64-based systems 5020023 (Monthly Rollup)
5020010 (Security Only)		 Important Elevation of Privilege 5018474
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows RT 8.1 5020010 (Security Only) Important Elevation of Privilege Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2012 5020009 (Monthly Rollup)
5020003 (Security Only)		 Important Elevation of Privilege 5018457
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2012 (Server Core installation) 5020009 (Monthly Rollup)
5020003 (Security Only)		 Important Elevation of Privilege 5018457
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2012 R2 5020023 (Monthly Rollup)
5020010 (Security Only)		 Important Elevation of Privilege 5018474
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2012 R2 (Server Core installation) 5020023 (Monthly Rollup)
5020010 (Security Only)		 Important Elevation of Privilege 5018474
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2016 5019964 (Security Update) Important Elevation of Privilege 5018411 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2016 (Server Core installation) 5019964 (Security Update) Important Elevation of Privilege 5018411 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2019 5019966 (Security Update) Important Elevation of Privilege 5018419
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2019 (Server Core installation) 5019966 (Security Update) Important Elevation of Privilege 5018419
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2022 5019081 (Security Update) Important Elevation of Privilege 5018421 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2022 (Server Core installation) 5019081 (Security Update) Important Elevation of Privilege 5018421 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2022 Datacenter: Azure Edition (Hotpatch) 5019080 (Security Hotpatch Update) Important Elevation of Privilege 5016060 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2022-41125
  • Microsoft Threat Intelligence Center (MSTIC)
  • Microsoft Security Response Center (MSRC)


    		•

    CVE-2022-3786 - OpenSSL: CVE-2022-3786 X.509 certificate verification buffer overrun

    (top)
    CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
    CVE-2022-3786
    MITRE
    NVD    		 CVE Title: OpenSSL: CVE-2022-3786 X.509 certificate verification buffer overrun
    CVSS:
    None
    FAQ:

    Why is this OpenSSL Software Foundation CVE included in the Security Update Guide?

    The vulnerability assigned to this CVE is in OpenSSL Software which is consumed by the Microsoft products listed in the Security Updates table and are known to be affected. It is being documented in the Security Update Guide to announce that the latest builds of these products are no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.


    Where can I find further guidance for this OpenSSL vulnerability?

    For more information and guidance see Awareness and guidance related to OpenSSL 3.0 - 3.0.6 risk (CVE-2022-3786 and CVE-2202-3602).


    Mitigations:
    None
    Workarounds:
    None
    Revision:
    1.0    2022-11-02T07:00:00    

    Information published.


    		 Unknown Unknown

    Exploitability Index

    The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

    Exploitability Assessment Publicly Disclosed Exploited
    Exploitation More Likely No No

    Affected Software

    The following tables list the affected software details for the vulnerability.

    CVE-2022-3786
    Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
    Azure SDK for C++ Release Notes (Security Update) Unknown Unknown None Base: N/A
    Temporal: N/A
    Vector: N/A
    		 Maybe
    Microsoft Azure Kubernetes Service Release Notes (Security Update) Unknown Unknown None Base: N/A
    Temporal: N/A
    Vector: N/A
    		 Maybe
    vcpkg Release Notes (Security Update) Unknown Unknown None Base: N/A
    Temporal: N/A
    Vector: N/A
    		 Maybe

    Acknowledgements

    CVE ID Acknowledgements
    CVE-2022-3786