Security Guidance

Microsoft Patch Tuesday: October 2022

October 13, 2022

Microsoft Patch Tuesday

Microsoft Patch Tuesday: October 2022

With the October Microsoft Patch Tuesday release here, it seems like there’s a lot to digest. With 84 total vulnerabilities, the key figure for this month is the 13 critical vulnerabilities that were patched. Luckily, both publicly disclosed and exploited in the wild remain low with 2 and 1 respectively. 

October’s instalment includes patches for some key services such as:

  • Active Directory Domain Services
  • Azure Arc
  • Microsoft Office
  • Role: Windows Hyper-V
  • Visual Studio Code
  • Windows Defender
  • Windows Event Logging Service
  • Windows Internet Key Exchange (IKE) Protocol
  • Windows Kernel
  • Windows Local Security Authority (LSA)
  • Windows Print Spooler Components
  • Windows Security Support Provider Interface
  • Windows Server Service
  • Windows Storage
  • Windows TCP/IP
CVE-2022-41038: Microsoft SharePoint Server Remote Code Execution Vulnerability

Scoring a CVSS of 8.8, this critical vulnerability would allow an attacker to remotely execute code on a SharePoint server. fortunately, this could only occur if the attacker was authenticated to the target site and had permission to use the Manage List within SharePoint. Three additional less severe remote code execution vulnerabilities with SharePoint were patched this month: CVE-2022-41037, CVE-2022-41036, and CVE-2022-38053

CVE-2022-41033: Windows COM+ Event System Service Elevation of Privilege Vulnerability

COM+ is the primary unit of administration and security for Component Services, exploiting this vulnerability would allow an attacker to gain system privileges. Exploiting this vulnerability would need the attacker to exploit a remote code execution vulnerability. This is the only vulnerability seen to be exploited in the wild this month.

CVE-2022-37968: Azure Arc-enabled Kubernetes cluster Connect Elevation of Privilege Vulnerability

Achieving the highest possible threat score, this 10.0 critical vulnerability is within the cluster connect feature of the Azure Arc-enabled Kubernetes cluster. Microsoft has stated exploitation is unlikely as an attacker would need to know the randomly generated external DNS endpoint for a cluster. If this is achieved then an unauthenticated attacker could become a cluster admin.

For a full list of this month’s updates please see the links below:

Patch Tuesday release notes:

Security update guide:


Stuart Hare is a Technologist with a passion for helping people in all aspects of IT & Cyber Security. Stuart is the Founder of Ironshare, an Information and Cyber Security company providing consultancy and managed services.

Samuel is a Security Analyst with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.

Joshua is working as a Managed Service Lead with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.


Ironshare is a provider of Information and Cyber Security services.

we went with; wizard pi