OnlyFm252
Patch Tuesday Archive

Patch Tuesday November 2022

Total CVEs

63

Critical

9

Important

54

Exploited

5

Publicly Disclosed

1

All CVEs this month 63

CVE Title Severity CVSS Product Exploited Disclosed
CVE-2022-37966 Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability Critical 8.1 Windows Kerberos - -
CVE-2022-37967 Windows Kerberos Elevation of Privilege Vulnerability Critical 7.2 Windows Kerberos - -
CVE-2022-38015 Windows Hyper-V Denial of Service Vulnerability Critical 6.5 Role: Windows Hyper-V - -
CVE-2022-41039 Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability Critical 8.1 Windows Point-to-Point Tunneling Protocol - -
CVE-2022-41044 Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability Critical 8.1 Windows Point-to-Point Tunneling Protocol - -
CVE-2022-41080 Microsoft Exchange Server Elevation of Privilege Vulnerability Critical 8.8 Microsoft Exchange Server - -
CVE-2022-41088 Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability Critical 8.1 Windows Point-to-Point Tunneling Protocol - -
CVE-2022-41118 Windows Scripting Languages Remote Code Execution Vulnerability Critical 7.5 Windows Scripting - -
CVE-2022-41128 Windows Scripting Languages Remote Code Execution Vulnerability Critical 8.8 Windows Scripting Yes -
ADV220003 Microsoft Defense in Depth Update Important - Microsoft Office - -
CVE-2022-37992 Windows Group Policy Elevation of Privilege Vulnerability Important 7.8 Windows Group Policy Preference Client - -
CVE-2022-38014 Windows Subsystem for Linux (WSL2) Kernel Elevation of Privilege Vulnerability Important 7 Linux Kernel - -
CVE-2022-38023 Netlogon RPC Elevation of Privilege Vulnerability Important 8.1 Windows Netlogon - -
CVE-2022-41045 Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability Important 7.8 Windows ALPC - -
CVE-2022-41047 Microsoft ODBC Driver Remote Code Execution Vulnerability Important 8.8 Windows ODBC Driver - -
CVE-2022-41048 Microsoft ODBC Driver Remote Code Execution Vulnerability Important 8.8 Windows ODBC Driver - -
CVE-2022-41049 Windows Mark of the Web Security Feature Bypass Vulnerability Important 5.4 Windows Mark of the Web (MOTW) Yes -
CVE-2022-41050 Windows Extensible File Allocation Table Elevation of Privilege Vulnerability Important 7.8 Windows Extensible File Allocation - -
CVE-2022-41051 Azure RTOS GUIX Studio Remote Code Execution Vulnerability Important 7.8 Azure Real Time Operating System - -
CVE-2022-41052 Windows Graphics Component Remote Code Execution Vulnerability Important 7.8 Microsoft Graphics Component - -
CVE-2022-41053 Windows Kerberos Denial of Service Vulnerability Important 7.5 Windows Kerberos - -
CVE-2022-41054 Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability Important 7.8 Windows Resilient File System (ReFS) - -
CVE-2022-41055 Windows Human Interface Device Information Disclosure Vulnerability Important 5.5 Windows Devices Human Interface - -
CVE-2022-41056 Network Policy Server (NPS) RADIUS Protocol Denial of Service Vulnerability Important 7.5 Network Policy Server (NPS) - -
CVE-2022-41057 Windows HTTP.sys Elevation of Privilege Vulnerability Important 7.8 Windows HTTP.sys - -
CVE-2022-41058 Windows Network Address Translation (NAT) Denial of Service Vulnerability Important 7.5 Windows Network Address Translation (NAT) - -
CVE-2022-41060 Microsoft Word Information Disclosure Vulnerability Important 5.5 Microsoft Office Word - -
CVE-2022-41061 Microsoft Word Remote Code Execution Vulnerability Important 7.8 Microsoft Office Word - -
CVE-2022-41062 Microsoft SharePoint Server Remote Code Execution Vulnerability Important 8.8 Microsoft Office SharePoint - -
CVE-2022-41063 Microsoft Excel Remote Code Execution Vulnerability Important 7.8 Microsoft Office Excel - -
CVE-2022-41064 .NET Framework Information Disclosure Vulnerability Important 5.8 .NET Framework - -
CVE-2022-41066 Microsoft Business Central Information Disclosure Vulnerability Important 4.4 Microsoft Dynamics - -
CVE-2022-41073 Windows Print Spooler Elevation of Privilege Vulnerability Important 7.8 Windows Print Spooler Components Yes -
CVE-2022-41078 Microsoft Exchange Server Spoofing Vulnerability Important 8 Microsoft Exchange Server - -
CVE-2022-41079 Microsoft Exchange Server Spoofing Vulnerability Important 8 Microsoft Exchange Server - -
CVE-2022-41085 Azure CycleCloud Elevation of Privilege Vulnerability Important 7.5 Azure - -
CVE-2022-41086 Windows Group Policy Elevation of Privilege Vulnerability Important 6.4 Windows Group Policy Preference Client - -
CVE-2022-41090 Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerability Important 5.9 Windows Point-to-Point Tunneling Protocol - -
CVE-2022-41091 Windows Mark of the Web Security Feature Bypass Vulnerability Important 5.4 Windows Mark of the Web (MOTW) Yes Yes
CVE-2022-41092 Windows Win32k Elevation of Privilege Vulnerability Important 7.8 Windows Win32K - -
CVE-2022-41093 Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability Important 7.8 Windows Advanced Local Procedure Call - -
CVE-2022-41095 Windows Digital Media Receiver Elevation of Privilege Vulnerability Important 7.8 Windows Digital Media - -
CVE-2022-41096 Microsoft DWM Core Library Elevation of Privilege Vulnerability Important 7.8 Windows DWM Core Library - -
CVE-2022-41097 Network Policy Server (NPS) RADIUS Protocol Information Disclosure Vulnerability Important 6.5 Network Policy Server (NPS) - -
CVE-2022-41098 Windows GDI+ Information Disclosure Vulnerability Important 5.5 Windows Win32K - -
CVE-2022-41099 BitLocker Security Feature Bypass Vulnerability Important 4.6 Windows BitLocker - -
CVE-2022-41100 Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability Important 7.8 Windows ALPC - -
CVE-2022-41101 Windows Overlay Filter Elevation of Privilege Vulnerability Important 7.8 Windows Overlay Filter - -
CVE-2022-41102 Windows Overlay Filter Elevation of Privilege Vulnerability Important 7.8 Windows Overlay Filter - -
CVE-2022-41103 Microsoft Word Information Disclosure Vulnerability Important 5.5 Microsoft Office Word - -
CVE-2022-41104 Microsoft Excel Security Feature Bypass Vulnerability Important 5.5 Microsoft Office Excel - -
CVE-2022-41105 Microsoft Excel Information Disclosure Vulnerability Important 5.5 Microsoft Office - -
CVE-2022-41106 Microsoft Excel Remote Code Execution Vulnerability Important 8.8 Microsoft Office Excel - -
CVE-2022-41107 Microsoft Office Graphics Remote Code Execution Vulnerability Important 7.8 Microsoft Office - -
CVE-2022-41109 Windows Win32k Elevation of Privilege Vulnerability Important 7.8 Windows Win32K - -
CVE-2022-41113 Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability Important 7.8 Microsoft Graphics Component - -
CVE-2022-41114 Windows Bind Filter Driver Elevation of Privilege Vulnerability Important 7 Windows Bind Filter Driver - -
CVE-2022-41116 Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerability Important 5.9 Windows Point-to-Point Tunneling Protocol - -
CVE-2022-41119 Visual Studio Remote Code Execution Vulnerability Important 7.8 Visual Studio - -
CVE-2022-41120 Microsoft Windows System Monitor (Sysmon) Elevation of Privilege Vulnerability Important 7.8 SysInternals - -
CVE-2022-41122 Microsoft SharePoint Server Spoofing Vulnerability Important 6.5 Microsoft Office SharePoint - -
CVE-2022-41123 Microsoft Exchange Server Elevation of Privilege Vulnerability Important 7.8 Microsoft Exchange Server - -
CVE-2022-41125 Windows CNG Key Isolation Service Elevation of Privilege Vulnerability Important 7.8 Windows CNG Key Isolation Service Yes -

    Threat Categories 7

    Threat Category CVEs Critical
    Elevation of Privilege 26 3
    Remote Code Execution 15 5
    Information Disclosure 8 -
    Denial of Service 6 1
    Security Feature Bypass 4 -
    Spoofing 3 -
    Defense in Depth 1 -

    Affected Products 37

    Product CVEs Exploited
    Windows Point-to-Point Tunneling Protocol 5 -
    Microsoft Exchange Server 4 -
    Windows Kerberos 3 -
    Microsoft Office 3 -
    Microsoft Office Word 3 -
    Microsoft Office Excel 3 -
    Windows Win32K 3 -
    Windows Scripting 2 1
    Windows Group Policy Preference Client 2 -
    Windows ALPC 2 -
    Windows ODBC Driver 2 -
    Windows Mark of the Web (MOTW) 2 2
    Microsoft Graphics Component 2 -
    Network Policy Server (NPS) 2 -
    Microsoft Office SharePoint 2 -
    Windows Overlay Filter 2 -
    Role: Windows Hyper-V 1 -
    Linux Kernel 1 -
    Windows Netlogon 1 -
    Windows Extensible File Allocation 1 -
    Azure Real Time Operating System 1 -
    Windows Resilient File System (ReFS) 1 -
    Windows Devices Human Interface 1 -
    Windows HTTP.sys 1 -
    Windows Network Address Translation (NAT) 1 -
    .NET Framework 1 -
    Microsoft Dynamics 1 -
    Windows Print Spooler Components 1 1
    Azure 1 -
    Windows Advanced Local Procedure Call 1 -
    Windows Digital Media 1 -
    Windows DWM Core Library 1 -
    Windows BitLocker 1 -
    Windows Bind Filter Driver 1 -
    Visual Studio 1 -
    SysInternals 1 -
    Windows CNG Key Isolation Service 1 1