October 12, 2022
October is here and you can “be-leaf” that there are plenty of new vulnerabilities to patch this month! The number of patched threats announced by Microsoft totals 84, including 13 deemed as Critical and two zero-days. There are also two previously known issues that have not yet been patched.
The standout this month is the actively exploited zero-day threat identified as CVE-2022-41033, which has the descriptive (if wordy) title “Windows COM+ Event System Service Elevation of Privilege Vulnerability”. To exploit this vulnerability, the attacker would already need local access to the Windows machine. With such access an attacker would be able to use a lower privileged account to take over the system and potentially expand into other areas in the network. For those familiar with the MITRE ATT&CK framework, this particular bug allows malicious users to gain higher-level permissions on the machine through one of the Privilege Escalation techniques.
Before you turn over a new leaf, remember that this month’s Patch Tuesday release is also notable for what it does not contain. There are two actively exploited issues, known as “ProxyNotShell”, in Microsoft Exchange Server which have not yet been patched. Microsoft is said to be expediting official patches for the issues but nothing has been released yet. Something tells us we’ll be saying “fall-elujah” when those patches finally come out!
As always, Balbix can identify all affected assets within 1 hour of release. There are no scans to run. Balbix customers simply search for the CVE name in their Balbix dashboard to view the list of affected assets. Users can also use the filtered search functionality to search for the CVE by site, subnet, location, or other distinguishing factors.