
Microsoft patched 65 CVEs(Including OpenSSL released earlier in the month) in its November 2022 Patch Tuesday release, with 11 rated as critical, and 53 rated as important. 6 actively exploited Zeroday vulnerabilities also fixed

This month’s update includes patches for:
- .NET Framework
- AMD CPU Branch
- Azure
- Azure Real Time Operating System
- Linux Kernel
- Microsoft Dynamics
- Microsoft Exchange Server
- Microsoft Graphics Component
- Microsoft Office
- Microsoft Office Excel
- Microsoft Office SharePoint
- Microsoft Office Word
- Network Policy Server (NPS)
- Open Source Software
- Role: Windows Hyper-V
- SysInternals
- Visual Studio
- Windows Advanced Local Procedure Call
- Windows ALPC
- Windows Bind Filter Driver
- Windows BitLocker
- Windows CNG Key Isolation Service
- Windows Devices Human Interface
- Windows Digital Media
- Windows DWM Core Library
- Windows Extensible File Allocation
- Windows Group Policy Preference Client
- Windows HTTP.sys
- Windows Kerberos
- Windows Mark of the Web (MOTW)
- Windows Netlogon
- Windows Network Address Translation (NAT)
- Windows ODBC Driver
- Windows Overlay Filter
- Windows Point-to-Point Tunneling Protocol
- Windows Print Spooler Components
- Windows Resilient File System (ReFS)
- Windows Scripting
- Windows Win32K
Microsoft updated the advisory pages for CVE-2022-41040 and CVE-2022-41082 (ProxyNotShell) indicating that patches are now available along with this month’s Security Updates.
Windows Scripting Languages Remote Code Execution Vulnerability
CVE-2022-41118 and CVE-2022-41128 are RCE vulnerabilities affecting the JScript9 and Chakra scripting languages. CVE-2022-41128 has a CVSSv3 score of 8.8 and only impacts the JScript9 scripting language. It has been exploited in the wild and successful exploitation requires a user with an affected version of Windows to visit a malicious, attacker-controlled server.
CVE-2022-41118 on the other hand, has a CVSSv3 score of 7.5 and has not been observed to be exploited. An attacker would need to convince a user to connect to a malicious server hosting a specially crafted website as well as win a race condition. Despite these barriers for exploitation, Microsoft still rated CVE-2022-41118 as Exploitation More Likely.
Windows Mark of the Web Security Feature Bypass Vulnerability
CVE-2022-41049 and CVE-2022-41091 are security feature bypass vulnerabilities affecting Windows Mark of the Web (MoTW). It is a security feature used to tag files downloaded from the internet and prevent them from performing certain actions. Files flagged with MoTW would be opened in Protected View in Microsoft Office prompting users with a security warning banner asking them to confirm the document is trusted by selecting Enable content. A malicious actor could craft a file that could bypass MoTW resulting in a limited loss of integrity and availability of security features such as Protected View.
CVE-2022-41091 has been exploited in the wild and for which exploit code is publicly available. CVE-2022-41049 on the other hand has not been exploited in the wild but is rated Exploitation More Likely. Both CVEs were given CVSSv3 scores of 5.4 and require user interaction, an attacker would need to entice a victim into opening the crafted file.
Microsoft Exchange Server Elevation of Privilege Vulnerability
CVE-2022-41080 vulnerability has a CVSSv3.1 score of 8.8 and rated as Exploitation More Likely. The technical details are unknown, and an exploit is not publicly available. Applying a patch can eliminate this problem. Customers are advised to update their Exchange Server systems immediately, regardless of whether any previously recommended mitigation steps have been applied. The mitigation rules are no longer recommended once systems have been patched.
Windows Print Spooler Elevation of Privilege Vulnerability
CVE-2022-41073 is an EoP vulnerability affecting the Windows Print Spooler service. The vulnerability carries a CVSSv3 score of 7.8 This flaw has been exploited in the wild, according to Microsoft, and could allow a low privileged user to gain SYSTEM level privileges.
The Windows Print Spooler service continues to gain interest from researchers and attackers alike since PrintNightmare (CVE-2021-34527) was disclosed in July of 2021. Since then, a slew of vulnerabilities has been reported including another EoP (CVE-2022-38028) in last month’s Patch Tuesday release.
Windows CNG Key Isolation Service Elevation of Privilege Vulnerability
CVE-2022-41125 is an EoP vulnerability in the Windows Cryptography Next Generation (CNG) Key Isolation Service used for Windows cryptographic support and operations. With a CVSSv3 score of 7.8, successful exploitation would allow an attacker to gain SYSTEM privileges. While no additional details were provided in the advisory, this vulnerability has reportedly been exploited in the wild.
Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability
CVE-2022-37966 vulnerability has a CVSSv3.1 score of 8.1 and rated Exploitation more likely. Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment of the targeted component. An attacker who successfully exploited this vulnerability could gain administrator privileges. An unauthenticated attacker could conduct an attack that could leverage cryptographic protocol vulnerabilities in RFC 4757 (Kerberos encryption type RC4-HMAC-MD5) and MS-PAC (Privilege Attribute Certificate Data Structure specification) to bypass security features in a Windows AD environment.
Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
CVE-2022-41044, cve-2022-41008 vulnerability has a CVSSv3.1 score of 8.1 and rated exploitation less likely. Successful exploitation of this vulnerability requires an attacker to win a race condition. An unauthenticated attacker could send a specially crafted connection request to a RAS server, which could lead to remote code execution (RCE) on the RAS server machine.
Open SSL X.509 certificate verification buffer overrun
This month Microsoft also released patches for a pair of recently disclosed vulnerabilities impacting OpenSSL, a widely used open-source library for cryptographic implementation of secure socket layer and transport layer security protocols. These updates are available for Azure SDK for C++, Microsoft Azure Kubernetes Service, and Vcpkg
Microsoft also released a Defense in Depth Update (ADV220003) for Microsoft Office and advisories attributed to AMD and GitHub We did not include these advisories in our overall Patch Tuesday counts.
Below is the full list of CVEs patched in this month
CVE ID | CVE Title | Severity |
CVE-2022-39327 | GitHub: CVE-2022-39327 Improper Control of Generation of Code (‘Code Injection’) in Azure CLI | Critical |
CVE-2022-41040 | Microsoft Exchange Information Disclosure Vulnerability | Critical |
CVE-2022-41080 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Critical |
CVE-2022-38015 | Windows Hyper-V Denial of Service Vulnerability | Critical |
CVE-2022-37967 | Windows Kerberos Elevation of Privilege Vulnerability | Critical |
CVE-2022-37966 | Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability | Critical |
CVE-2022-41044 | Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | Critical |
CVE-2022-41039 | Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | Critical |
CVE-2022-41088 | Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | Critical |
CVE-2022-41118 | Windows Scripting Languages Remote Code Execution Vulnerability | Critical |
CVE-2022-41128 | Windows Scripting Languages Remote Code Execution Vulnerability | Critical |
CVE-2022-41064 | .NET Framework Information Disclosure Vulnerability | Important |
CVE-2022-23824 | AMD: CVE-2022-23824 IBPB and Return Address Predictor Interactions | Important |
CVE-2022-41085 | Azure CycleCloud Elevation of Privilege Vulnerability | Important |
CVE-2022-41051 | Azure RTOS GUIX Studio Remote Code Execution Vulnerability | Important |
CVE-2022-38014 | Windows Subsystem for Linux (WSL2) Kernel Elevation of Privilege Vulnerability | Important |
CVE-2022-41066 | Microsoft Business Central Information Disclosure Vulnerability | Important |
CVE-2022-41082 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Important |
CVE-2022-41078 | Microsoft Exchange Server Spoofing Vulnerability | Important |
CVE-2022-41079 | Microsoft Exchange Server Spoofing Vulnerability | Important |
CVE-2022-41123 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Important |
CVE-2022-41113 | Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability | Important |
CVE-2022-41052 | Windows Graphics Component Remote Code Execution Vulnerability | Important |
ADV220003 | Microsoft Defense in Depth Update | Important |
CVE-2022-41105 | Microsoft Excel Information Disclosure Vulnerability | Important |
CVE-2022-41107 | Microsoft Office Graphics Remote Code Execution Vulnerability | Important |
CVE-2022-41104 | Microsoft Excel Security Feature Bypass Vulnerability | Important |
CVE-2022-41063 | Microsoft Excel Remote Code Execution Vulnerability | Important |
CVE-2022-41106 | Microsoft Excel Remote Code Execution Vulnerability | Important |
CVE-2022-41122 | Microsoft SharePoint Server Spoofing Vulnerability | Important |
CVE-2022-41062 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important |
CVE-2022-41103 | Microsoft Word Information Disclosure Vulnerability | Important |
CVE-2022-41061 | Microsoft Word Remote Code Execution Vulnerability | Important |
CVE-2022-41060 | Microsoft Word Information Disclosure Vulnerability | Important |
CVE-2022-41056 | Network Policy Server (NPS) RADIUS Protocol Denial of Service Vulnerability | Important |
CVE-2022-41097 | Network Policy Server (NPS) RADIUS Protocol Information Disclosure Vulnerability | Important |
CVE-2022-41120 | Microsoft Windows Sysmon Elevation of Privilege Vulnerability | Important |
CVE-2022-39253 | GitHub: CVE-2022-39253 Local clone optimization dereferences symbolic links by default | Important |
CVE-2022-41119 | Visual Studio Remote Code Execution Vulnerability | Important |
CVE-2022-41093 | Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability | Important |
CVE-2022-41045 | Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability | Important |
CVE-2022-41100 | Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability | Important |
CVE-2022-41114 | Windows Bind Filter Driver Elevation of Privilege Vulnerability | Important |
CVE-2022-41099 | BitLocker Security Feature Bypass Vulnerability | Important |
CVE-2022-41125 | Windows CNG Key Isolation Service Elevation of Privilege Vulnerability | Important |
CVE-2022-41055 | Windows Human Interface Device Information Disclosure Vulnerability | Important |
CVE-2022-41095 | Windows Digital Media Receiver Elevation of Privilege Vulnerability | Important |
CVE-2022-41096 | Microsoft DWM Core Library Elevation of Privilege Vulnerability | Important |
CVE-2022-41050 | Windows Extensible File Allocation Table Elevation of Privilege Vulnerability | Important |
CVE-2022-37992 | Windows Group Policy Elevation of Privilege Vulnerability | Important |
CVE-2022-41086 | Windows Group Policy Elevation of Privilege Vulnerability | Important |
CVE-2022-41057 | Windows HTTP.sys Elevation of Privilege Vulnerability | Important |
CVE-2022-41053 | Windows Kerberos Denial of Service Vulnerability | Important |
CVE-2022-41049 | Windows Mark of the Web Security Feature Bypass Vulnerability | Important |
CVE-2022-41091 | Windows Mark of the Web Security Feature Bypass Vulnerability | Important |
CVE-2022-38023 | Netlogon RPC Elevation of Privilege Vulnerability | Important |
CVE-2022-41058 | Windows Network Address Translation (NAT) Denial of Service Vulnerability | Important |
CVE-2022-41047 | Microsoft ODBC Driver Remote Code Execution Vulnerability | Important |
CVE-2022-41048 | Microsoft ODBC Driver Remote Code Execution Vulnerability | Important |
CVE-2022-41101 | Windows Overlay Filter Elevation of Privilege Vulnerability | Important |
CVE-2022-41102 | Windows Overlay Filter Elevation of Privilege Vulnerability | Important |
CVE-2022-41116 | Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerability | Important |
CVE-2022-41090 | Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerability | Important |
CVE-2022-41073 | Windows Print Spooler Elevation of Privilege Vulnerability | Important |
CVE-2022-41054 | Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability | Important |
CVE-2022-41092 | Windows Win32k Elevation of Privilege Vulnerability | Important |
CVE-2022-41109 | Windows Win32k Elevation of Privilege Vulnerability | Important |
CVE-2022-41098 | Windows GDI+ Information Disclosure Vulnerability | Important |
CVE-2022-3786 | OpenSSL: CVE-2022-3786 X.509 certificate verification buffer overrun | Unknown |
CVE-2022-3602 | OpenSSL: CVE-2022-3602 X.509 certificate verification buffer overrun | Unknown |