Microsoft Patch Tuesday: October 2022

October 13, 2022

The October Microsoft Patch Tuesday release is here, and there is a lot to digest. Of the 84 total vulnerabilities patched, the key figure this month is the 13 rated critical. Luckily, the numbers of publicly disclosed and exploited-in-the-wild vulnerabilities remain low, at 2 and 1 respectively.

October’s instalment includes patches for some key services such as:

  • Active Directory Domain Services
  • Azure Arc
  • Microsoft Office
  • Role: Windows Hyper-V
  • Visual Studio Code
  • Windows Defender
  • Windows Event Logging Service
  • Windows Internet Key Exchange (IKE) Protocol
  • Windows Kernel
  • Windows Local Security Authority (LSA)
  • Windows Print Spooler Components
  • Windows Security Support Provider Interface
  • Windows Server Service
  • Windows Storage
  • Windows TCP/IP

CVE-2022-41038: Microsoft SharePoint Server Remote Code Execution Vulnerability

With a CVSS score of 8.8, this critical vulnerability would allow an attacker to remotely execute code on a SharePoint server. Fortunately, this could only occur if the attacker was authenticated to the target site and had permission to use the Manage List within SharePoint. Three additional, less severe remote code execution vulnerabilities in SharePoint were patched this month: CVE-2022-41037, CVE-2022-41036, and CVE-2022-38053.

CVE-2022-41033: Windows COM+ Event System Service Elevation of Privilege Vulnerability

COM+ is the primary unit of administration and security for Component Services. Exploiting this vulnerability would allow an attacker to gain system privileges. To do so, the attacker would first need to exploit a remote code execution vulnerability. This is the only vulnerability seen to be exploited in the wild this month.

CVE-2022-37968: Azure Arc-enabled Kubernetes cluster Connect Elevation of Privilege Vulnerability

Achieving the highest possible threat score, this 10.0 critical vulnerability is within the cluster connect feature of Azure Arc-enabled Kubernetes clusters. Microsoft has stated that exploitation is unlikely, as an attacker would need to know the randomly generated external DNS endpoint for a cluster. If the attacker does know the endpoint, they could become a cluster admin without authenticating.

For a full list of this month’s updates please see the links below:

Patch Tuesday release notes: https://msrc.microsoft.com/update-guide/releaseNote/2022-Oct

Security update guide: https://msrc.microsoft.com/update-guide/

Author

Stuart Hare is a Technologist with a passion for helping people in all aspects of IT & Cyber Security. Stuart is the Founder of Ironshare, an Information and Cyber Security company providing consultancy and managed services.

Samuel is a Security Analyst with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.

Joshua is working as a Managed Service Lead with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.
