OnlyFm252
Patch Tuesday Archive

Patch Tuesday October 2022

Total CVEs

85

Critical

13

Important

71

Exploited

1

Publicly Disclosed

1

All CVEs this month 85

CVE Title Severity CVSS Product Exploited Disclosed
CVE-2022-22035 Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability Critical 8.1 Windows Point-to-Point Tunneling Protocol - -
CVE-2022-24504 Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability Critical 8.1 Windows Point-to-Point Tunneling Protocol - -
CVE-2022-30198 Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability Critical 8.1 Windows Point-to-Point Tunneling Protocol - -
CVE-2022-33634 Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability Critical 8.1 Windows Point-to-Point Tunneling Protocol - -
CVE-2022-34689 Windows CryptoAPI Spoofing Vulnerability Critical 7.5 Windows CryptoAPI - -
CVE-2022-37968 Azure Arc-enabled Kubernetes cluster Connect Elevation of Privilege Vulnerability Critical 10 Azure Arc - -
CVE-2022-37976 Active Directory Certificate Services Elevation of Privilege Vulnerability Critical 8.8 Role: Active Directory Certificate Services; Active Directory Domain Services - -
CVE-2022-37979 Windows Hyper-V Elevation of Privilege Vulnerability Critical 7.8 Role: Windows Hyper-V - -
CVE-2022-38000 Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability Critical 8.1 Windows Point-to-Point Tunneling Protocol - -
CVE-2022-38047 Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability Critical 8.1 Windows Point-to-Point Tunneling Protocol - -
CVE-2022-38048 Microsoft Office Remote Code Execution Vulnerability Critical 7.8 Microsoft Office - -
CVE-2022-41038 Microsoft SharePoint Server Remote Code Execution Vulnerability Critical 8.8 Microsoft Office SharePoint - -
CVE-2022-41081 Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability Critical 8.1 Windows Point-to-Point Tunneling Protocol - -
CVE-2022-33635 Windows GDI+ Remote Code Execution Vulnerability Important 7.8 Microsoft Graphics Component - -
CVE-2022-33645 Windows TCP/IP Driver Denial of Service Vulnerability Important 7.5 Windows TCP/IP - -
CVE-2022-35770 Windows NTLM Spoofing Vulnerability Important 6.5 Windows NTLM - -
CVE-2022-35829 Service Fabric Explorer Spoofing Vulnerability Important 6.2 Service Fabric - -
CVE-2022-37965 Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerability Important 5.9 Remote Access Service Point-to-Point Tunneling Protocol - -
CVE-2022-37970 Windows DWM Core Library Elevation of Privilege Vulnerability Important 7.8 Windows DWM Core Library - -
CVE-2022-37971 Microsoft Windows Defender Elevation of Privilege Vulnerability Important 7.1 Windows Defender - -
CVE-2022-37973 Windows Local Session Manager (LSM) Denial of Service Vulnerability Important 7.7 Windows Local Session Manager (LSM) - -
CVE-2022-37974 Windows Mixed Reality Developer Tools Information Disclosure Vulnerability Important 6.5 Windows Perception Simulation Service - -
CVE-2022-37975 Windows Group Policy Elevation of Privilege Vulnerability Important 8.8 Windows Group Policy - -
CVE-2022-37977 Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability Important 6.5 Windows Local Security Authority Subsystem Service (LSASS) - -
CVE-2022-37978 Windows Active Directory Certificate Services Security Feature Bypass Important 7.5 Windows Active Directory Certificate Services - -
CVE-2022-37980 Windows DHCP Client Elevation of Privilege Vulnerability Important 7.8 Windows DHCP Client - -
CVE-2022-37981 Windows Event Logging Service Denial of Service Vulnerability Important 4.3 Windows Event Logging Service - -
CVE-2022-37982 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability Important 8.8 Microsoft WDAC OLE DB provider for SQL - -
CVE-2022-37983 Microsoft DWM Core Library Elevation of Privilege Vulnerability Important 7.8 Windows DWM Core Library - -
CVE-2022-37984 Windows WLAN Service Elevation of Privilege Vulnerability Important 7.8 Windows WLAN Service - -
CVE-2022-37985 Windows Graphics Component Information Disclosure Vulnerability Important 5.5 Microsoft Graphics Component - -
CVE-2022-37986 Windows Win32k Elevation of Privilege Vulnerability Important 7.8 Microsoft Graphics Component - -
CVE-2022-37987 Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability Important 7.8 Client Server Run-time Subsystem (CSRSS) - -
CVE-2022-37988 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 Windows Kernel - -
CVE-2022-37989 Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability Important 7.8 Client Server Run-time Subsystem (CSRSS) - -
CVE-2022-37990 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 Windows Kernel - -
CVE-2022-37991 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 Windows Kernel - -
CVE-2022-37993 Windows Group Policy Preference Client Elevation of Privilege Vulnerability Important 7.8 Windows Group Policy Preference Client - -
CVE-2022-37994 Windows Group Policy Preference Client Elevation of Privilege Vulnerability Important 7.8 Windows Group Policy Preference Client - -
CVE-2022-37995 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 Windows Kernel - -
CVE-2022-37996 Windows Kernel Memory Information Disclosure Vulnerability Important 5.5 Windows NTFS - -
CVE-2022-37997 Windows Graphics Component Elevation of Privilege Vulnerability Important 7.8 Microsoft Graphics Component - -
CVE-2022-37998 Windows Local Session Manager (LSM) Denial of Service Vulnerability Important 7.7 Windows Local Session Manager (LSM) - -
CVE-2022-37999 Windows Group Policy Preference Client Elevation of Privilege Vulnerability Important 7.8 Windows Group Policy Preference Client - -
CVE-2022-38001 Microsoft Office Spoofing Vulnerability Important 6.5 Microsoft Office - -
CVE-2022-38003 Windows Resilient File System Elevation of Privilege Important 7.8 Windows Resilient File System (ReFS) - -
CVE-2022-38016 Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability Important 8.8 Windows Local Security Authority (LSA) - -
CVE-2022-38017 StorSimple 8000 Series Elevation of Privilege Vulnerability Important 6.8 Azure - -
CVE-2022-38021 Connected User Experiences and Telemetry Elevation of Privilege Vulnerability Important 7 Windows Connected User Experiences and Telemetry - -
CVE-2022-38022 Windows Kernel Elevation of Privilege Vulnerability Important 3.3 Windows Kernel - -
CVE-2022-38025 Windows Distributed File System (DFS) Information Disclosure Vulnerability Important 5.5 Windows Distributed File System (DFS) - -
CVE-2022-38026 Windows DHCP Client Information Disclosure Vulnerability Important 5.5 Windows DHCP Client - -
CVE-2022-38027 Windows Storage Elevation of Privilege Vulnerability Important 7 Windows Storage - -
CVE-2022-38028 Windows Print Spooler Elevation of Privilege Vulnerability Important 7.8 Windows Print Spooler Components - -
CVE-2022-38029 Windows ALPC Elevation of Privilege Vulnerability Important 7 Windows ALPC - -
CVE-2022-38030 Windows USB Serial Driver Information Disclosure Vulnerability Important 4.3 Windows USB Serial Driver - -
CVE-2022-38031 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability Important 8.8 Microsoft WDAC OLE DB provider for SQL - -
CVE-2022-38032 Windows Portable Device Enumerator Service Security Feature Bypass Vulnerability Important 6.6 Windows Portable Device Enumerator Service - -
CVE-2022-38033 Windows Server Remotely Accessible Registry Keys Information Disclosure Vulnerability Important 6.5 Windows Server Remotely Accessible Registry Keys - -
CVE-2022-38034 Windows Workstation Service Elevation of Privilege Vulnerability Important 8.8 Windows Workstation Service - -
CVE-2022-38036 Internet Key Exchange (IKE) Protocol Denial of Service Vulnerability Important 7.5 Windows Internet Key Exchange (IKE) Protocol - -
CVE-2022-38037 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 Windows Kernel - -
CVE-2022-38038 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 Windows Kernel - -
CVE-2022-38039 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 Windows Kernel - -
CVE-2022-38040 Microsoft ODBC Driver Remote Code Execution Vulnerability Important 8.8 Windows ODBC Driver - -
CVE-2022-38041 Windows Secure Channel Denial of Service Vulnerability Important 7.5 Windows Secure Channel - -
CVE-2022-38042 Active Directory Domain Services Elevation of Privilege Vulnerability Important 7.1 Active Directory Domain Services - -
CVE-2022-38043 Windows Security Support Provider Interface Information Disclosure Vulnerability Important 5.5 Windows Security Support Provider Interface - -
CVE-2022-38044 Windows CD-ROM File System Driver Remote Code Execution Vulnerability Important 7.8 Windows CD-ROM Driver - -
CVE-2022-38045 Windows Server Service Elevation of Privilege Vulnerability Important 8.8 Windows Server Service - -
CVE-2022-38046 Web Account Manager Information Disclosure Vulnerability Important 7.5 Windows Web Account Manager - -
CVE-2022-38049 Microsoft Office Graphics Remote Code Execution Vulnerability Important 7.8 Microsoft Office Word - -
CVE-2022-38050 Win32k Elevation of Privilege Vulnerability Important 7.8 Windows Win32K - -
CVE-2022-38051 Windows Graphics Component Elevation of Privilege Vulnerability Important 7.8 Microsoft Graphics Component - -
CVE-2022-38053 Microsoft SharePoint Server Remote Code Execution Vulnerability Important 8.8 Microsoft Office SharePoint - -
CVE-2022-41031 Microsoft Word Remote Code Execution Vulnerability Important 7.8 Microsoft Office Word - -
CVE-2022-41032 NuGet Client Elevation of Privilege Vulnerability Important 7.8 NuGet Client - -
CVE-2022-41033 Windows COM+ Event System Service Elevation of Privilege Vulnerability Important 7.8 Windows COM+ Event System Service Yes -
CVE-2022-41034 Visual Studio Code Remote Code Execution Vulnerability Important 7.8 Visual Studio Code - -
CVE-2022-41036 Microsoft SharePoint Server Remote Code Execution Vulnerability Important 8.8 Microsoft Office SharePoint - -
CVE-2022-41037 Microsoft SharePoint Server Remote Code Execution Vulnerability Important 8.8 Microsoft Office SharePoint - -
CVE-2022-41042 Visual Studio Code Information Disclosure Vulnerability Important 7.4 Visual Studio Code - -
CVE-2022-41043 Microsoft Office Information Disclosure Vulnerability Important 3.3 Microsoft Office - Yes
CVE-2022-41083 Visual Studio Code Elevation of Privilege Vulnerability Important 7.8 Visual Studio Code - -
CVE-2022-41035 Microsoft Edge (Chromium-based) Spoofing Vulnerability Moderate 5.3 Microsoft Edge (Chromium-based) - -

    Threat Categories 6

    Threat Category CVEs Critical
    Elevation of Privilege 39 3
    Remote Code Execution 20 9
    Information Disclosure 11 -
    Denial of Service 8 -
    Spoofing 5 1
    Security Feature Bypass 2 -

    Affected Products 53

    Product CVEs Exploited
    Windows Kernel 8 -
    Windows Point-to-Point Tunneling Protocol 7 -
    Microsoft Graphics Component 5 -
    Microsoft Office SharePoint 4 -
    Microsoft Office 3 -
    Windows Group Policy Preference Client 3 -
    Visual Studio Code 3 -
    Windows DWM Core Library 2 -
    Windows Local Session Manager (LSM) 2 -
    Windows DHCP Client 2 -
    Microsoft WDAC OLE DB provider for SQL 2 -
    Client Server Run-time Subsystem (CSRSS) 2 -
    Microsoft Office Word 2 -
    Windows CryptoAPI 1 -
    Azure Arc 1 -
    Role: Active Directory Certificate Services; Active Directory Domain Services 1 -
    Role: Windows Hyper-V 1 -
    Windows TCP/IP 1 -
    Windows NTLM 1 -
    Service Fabric 1 -
    Remote Access Service Point-to-Point Tunneling Protocol 1 -
    Windows Defender 1 -
    Windows Perception Simulation Service 1 -
    Windows Group Policy 1 -
    Windows Local Security Authority Subsystem Service (LSASS) 1 -
    Windows Active Directory Certificate Services 1 -
    Windows Event Logging Service 1 -
    Windows WLAN Service 1 -
    Windows NTFS 1 -
    Windows Resilient File System (ReFS) 1 -
    Windows Local Security Authority (LSA) 1 -
    Azure 1 -
    Windows Connected User Experiences and Telemetry 1 -
    Windows Distributed File System (DFS) 1 -
    Windows Storage 1 -
    Windows Print Spooler Components 1 -
    Windows ALPC 1 -
    Windows USB Serial Driver 1 -
    Windows Portable Device Enumerator Service 1 -
    Windows Server Remotely Accessible Registry Keys 1 -
    Windows Workstation Service 1 -
    Windows Internet Key Exchange (IKE) Protocol 1 -
    Windows ODBC Driver 1 -
    Windows Secure Channel 1 -
    Active Directory Domain Services 1 -
    Windows Security Support Provider Interface 1 -
    Windows CD-ROM Driver 1 -
    Windows Server Service 1 -
    Windows Web Account Manager 1 -
    Windows Win32K 1 -
    NuGet Client 1 -
    Windows COM+ Event System Service 1 1
    Microsoft Edge (Chromium-based) 1 -