Today is the second Tuesday of November 2022, and it’s time to check out the latest security updates from Microsoft. As part of this month’s patch update, Microsoft fixes 68 vulnerabilities that impact several products in its portfolio. Of these, 11 are classified as ‘Critical’ as they allow Elevation of Privilege (EoP), Remote Code Execution (RCE), and Spoofing; 55 are rated Important, only one is rated Moderate in severity, and 2 OpenSSL vulnerabilities are flagged as High severity.
Microsoft November 2022 Patch Tuesday
With today’s update, Microsoft patched several flaws in its software, including Denial of Service (DoS), Elevation of Privilege, Information Disclosure, Microsoft Edge (Chromium-based), Remote Code Execution (RCE), Security Feature Bypass, Spoofing and Tampering.
The number of bugs in each vulnerability category is listed below:
- 27 Elevation of Privilege Vulnerabilities
- 4 Security Feature Bypass Vulnerabilities
- 16 Remote Code Execution Vulnerabilities
- 11 Information Disclosure Vulnerabilities
- 6 Denial of Service Vulnerabilities
- 3 Spoofing Vulnerabilities
A crucial part of this month’s security updates consists of patches for six actively exploited zero-day vulnerabilities, one of which was publicly disclosed.
The most severe flaws consist of code injection, elevation of privilege, denial of service (DoS) and remote code execution vulnerabilities affecting products such as Azure, Microsoft Exchange Server, Hyper-V, Kerberos, and Windows’ Point-to-Point Tunneling (PPTP) protocol.
- CVE-2022-41040 (Microsoft Exchange Server Elevation of Privilege Vulnerability) – Server-side request forgery (SSRF) vulnerability, allows remote code execution (RCE)
- CVE-2022-41073 (Windows Print Spooler Elevation of Privilege Vulnerability) – Elevation of Privilege (EoP) vulnerability, could let attackers gain SYSTEM privileges on compromised devices
- CVE-2022-41082 (Microsoft Exchange Server Remote Code Execution Vulnerability) – Allows remote code execution (RCE) if the attacker can access Exchange PowerShell
- CVE-2022-41091 (Windows Mark of the Web Security Feature Bypass Vulnerability) – Attackers could bypass Windows “Mark of the Web” (MOTW) security feature by crafting a malicious file
- CVE-2022-41125 (Windows CNG Key Isolation Service Elevation of Privilege Vulnerability) – Exploiting this vulnerability would grant attackers SYSTEM privileges on compromised devices
- CVE-2022-41128 (Windows Scripting Languages Remote Code Execution Vulnerability) – Affecting the JScript9 scripting language, this vulnerability could let attackers perform remote code execution; it requires user interaction, in the form of the victim visiting a malicious server
Recent updates from other companies
Other vendors who released updates in November 2022 include:
- Apple released Xcode 14.1 with numerous security updates.
- Cisco released security updates for numerous products this month.
- Citrix released security updates for a ‘Critical’ authentication bypass in Citrix ADC and Gateway.
- Google released Android’s November security updates.
- Intel released the November 2022 security updates.
- OpenSSL released security updates for CVE-2022-3602 and CVE-2022-3786.
- SAP has released its November 2022 Patch Day updates.
Windows security updates
In addition to Microsoft security updates, this November 2022 Patch Tuesday update also brought Windows 11 and Windows 10 cumulative updates. That includes KB5019980 and KB5019961 for Windows 11 and KB5019959 for Windows 10 version 22H2. So if you are running any of these Windows versions, make sure you update them by installing the new patches.
Windows 11 KB5019980 and KB5019961
With today’s update KB5019980 and KB5019961 for Windows 11 versions 22H2 and 21H2, Microsoft fixes an issue that affects Microsoft Edge. According to the description,
Addresses an issue that affects Microsoft Edge when it is in IE Mode. The titles of pop-up windows and tabs are wrong. or stops the credential UI from displaying in IE mode when you use Microsoft Edge.
Some more bug fixes and improvements included:
Today’s update improved the Search feature on the taskbar, and now also allows users to access the Task Manager with a simple right click.
Microsoft has also started rolling out “search visual treatments” on the taskbar to improve discoverability.
You can now manage your Microsoft OneDrive subscription and related storage alerts in the section dedicated to your Microsoft account.
Microsoft is also rolling out an enhanced backup experience when using a Microsoft Account on Windows 11.
The company also claims that the update fixes the problem with audio synchronization when recording with the Xbox Game Bar.
Microsoft also issued a fix for File Explorer, fixes for the corrupted display outputs, and a couple of fixes for Microsoft Edge’s IE Mode, XDA Developers says.
Additionally, today’s update fixes the bug that causes Microsoft Direct3D 9 games to stop working for Xbox if the hardware does not have a native Direct3D 9 driver.
Moreover, the update also stops the start of daylight saving time in Jordan at the end of October 2022, which permanently shifts it to the UTC + 3 time zone.
You can read the complete changelog on the Microsoft support blog here.
Windows 10 KB5019959
Cumulative update KB5019959 for Windows 10 contains miscellaneous security improvements to internal OS functionality.
Today’s update for Windows 10 devices addresses an issue that causes an OS upgrade to stop responding, and then it fails.
Also, there are bug fixes for Microsoft Direct3D 9 games where the graphics hardware stops working if the hardware does not have a native Direct3D 9 driver.
Microsoft noted that the update addresses graphical issues in games that use Microsoft D3D9 on some platforms.
A bug that affects Microsoft Edge in IE Mode, where the titles of pop-up windows and tabs are wrong or it stops you from opening webpages, is now fixed.
It addresses a DCOM issue that affects the Remote Procedure Call Service (rpcss.exe).
It resolves an issue that affects a remote desktop virtual desktop infrastructure (VDI) scenario, where the session might use the wrong time zone.
You can read the complete changelog on the Microsoft support blog here.
Download the Windows 10 Cumulative update
All these security updates download and install automatically on your device via Windows Update. If your device has not received them yet, open Settings, go to Update & Security, and select Check for updates. Once done, restart your device to apply the updates.
- Windows 11 KB5019980 (Version 22H2) offline installer Direct Download Link 64-bit.
- Windows 11 KB5019961 (Version 21H2) offline installer Direct Download Link 64-bit.
- Windows 10 KB5019959 (For versions 21H2 and 21H1) Direct Download Links: 64-bit and 32-bit (x86).
- Windows 10 KB5019966 64-bit | Download and 32-bit | Download
The above links open directly in the Microsoft Update Catalog, which is the library of Windows Update offline installers. You need to click on the ‘Download’ button next to the version of the OS installed on your machine and run the .msu files to begin the installation of the update.
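To confirm that this month's cumulative update actually landed on a machine, the check below maps the Windows release to the KB named in this article and asks Get-HotFix for it. This is an added example, not Microsoft's tooling: the function names Get-WindowsRelease and Test-NovemberUpdate are made up for illustration, and telling Windows 11 apart by a build number of 22000 or higher is an assumption stated in the code.

```powershell
# Added example. KB-to-release mapping is taken from this article only.
$expected = @{
    'Windows 11 22H2' = 'KB5019980'
    'Windows 11 21H2' = 'KB5019961'
    'Windows 10 22H2' = 'KB5019959'
    'Windows 10 21H2' = 'KB5019959'
    'Windows 10 21H1' = 'KB5019959'
}

# Hypothetical helper: builds a "Windows NN xxHx" label from the registry.
function Get-WindowsRelease {
    $cv = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    # Assumption: Windows 11 builds start at 22000. ProductName is not used
    # because it can still read "Windows 10" on Windows 11.
    $family = if ([int]$cv.CurrentBuild -ge 22000) { 'Windows 11' } else { 'Windows 10' }
    '{0} {1}' -f $family, $cv.DisplayVersion
}

# Hypothetical helper: reports whether the KB for this release is listed.
function Test-NovemberUpdate {
    param([string]$Release = (Get-WindowsRelease))

    $kb = $expected[$Release]
    if (-not $kb) {
        # Release is not one of those the article names a KB for.
        return [pscustomobject]@{ Release = $Release; KB = $null; Status = 'NotCovered' }
    }

    # Get-HotFix raises a non-terminating error when the KB is absent,
    # so suppress it and treat an empty result as "not found".
    $hit = Get-HotFix -Id $kb -ErrorAction SilentlyContinue
    $status = if ($hit) { 'Installed' } else { 'NotFound' }

    [pscustomobject]@{
        Release     = $Release
        KB          = $kb
        Status      = $status
        InstalledOn = $hit.InstalledOn
    }
}

Test-NovemberUpdate
```

A NotFound result on a machine that already has a later cumulative update is not necessarily a gap, because the superseded KB may no longer be listed; in that case check the newest installed KB instead.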
If you face any difficulty while installing these updates check how to fix Windows 10 Update installation problems.