Patch Tuesday is once again upon us. The October 2022 edition of Patch Tuesday brings us 89 fixes, with 13 rated as critical. We’ve listed the most important changes below.
⚡ TL;DR | Go Straight to the October 2022 Patch Tuesday Audit Report
Microsoft SharePoint Server RCE Vulnerability
One of the most critical vulnerabilities is in Sharepoint. CVE-2022-41038 received a CVSS base score of 8.8. Luckily, an attacker must both be authenticated to the target site and also have permission to access and use the Manage List within Sharepoint. The exploitation of this vulnerability could allow attackers to execute code remotely on your SharePoint servers.
Microsoft lists that luckily the vulnerability is not being actively exploited yet, but stresses that exploitation is likely, so best to update your SharePoint servers as soon as possible.
Additionally, three less severe vulnerabilities were also fixed for SharePoint. CVE-2022-41037, CVE-2022-41036, and CVE-2022-38053 are all three RCE vulnerabilities with a CVSS score of 8.8. However, Microsoft doesn’t rate them as critical.
Windows Point-to-Point Tunneling Protocol RCE
A staggering 7 of the critical vulnerabilities are in the Windows point-to-point tunneling protocol. All received a CVSS base score of 8.1.
Microsofts comments that for an attacker to exploit the vulnerability, they would need to send a specially crafted malicious PPTP packet to a PPTP server. If successful attackers are able to remotely execute code on the target machine.
Azure Arc-enabled Kubernetes cluster Connect Elevation of Privilege Vulnerability
The last major vulnerability is in the cluster connect feature of Azure Arc-enabled Kubernetes clusters. Because the Azure Stack Edge allows users to deploy Kubernetes workloads on devices via Azure Arc, Azure Stack Edge devices are also deemed as vulnerable.
CVE-2022-37968 received a max CVSS base score of 10, and while Microsoft doesn’t list exploitability as likely, the ease of exploitation does make it a high priority if you’re using the cluster connect feature. Microsoft added additional guidance in their security center.
“An attacker who knows the randomly generated external DNS endpoint for an Azure Arc-enabled Kubernetes cluster can exploit this vulnerability from the internet. Successful exploitation of this vulnerability, which affects the cluster connect feature of Azure Arc-enabled Kubernetes clusters, allows an unauthenticated user to elevate their privileges as cluster admins and potentially gain control over the Kubernetes cluster.”
Microsoft
Run the Patch Tuesday October 2022 Audit Report
To help manage your update progress, we’ve created the Patch Tuesday Audit Report that checks if the assets in your network are on the latest patch updates. The report has been color-coded to see which machines are up-to-date and which ones still need to be updated. As always, system administrators are urged to update their environment as soon as possible to ensure all endpoints are secured.
The Lansweeper Patch Tuesday report is automatically added to Lansweeper Cloud sites. Lansweeper Cloud is included in all our licenses without any additional cost and allows you to federate all your installations into one single view so all you need to do is look at one report, automatically added every patch Tuesday!
Patch Tuesday October 2022 CVE Codes & Titles
| CVE Number | CVE Title |
| CVE-2022-41083 | Visual Studio Code Elevation of Privilege Vulnerability |
| CVE-2022-41081 | Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability |
| CVE-2022-41043 | Microsoft Office Information Disclosure Vulnerability |
| CVE-2022-41042 | Visual Studio Code Information Disclosure Vulnerability |
| CVE-2022-41038 | Microsoft SharePoint Server Remote Code Execution Vulnerability |
| CVE-2022-41037 | Microsoft SharePoint Server Remote Code Execution Vulnerability |
| CVE-2022-41036 | Microsoft SharePoint Server Remote Code Execution Vulnerability |
| CVE-2022-41034 | Visual Studio Code Remote Code Execution Vulnerability |
| CVE-2022-41033 | Windows COM+ Event System Service Elevation of Privilege Vulnerability |
| CVE-2022-41032 | NuGet Client Elevation of Privilege Vulnerability |
| CVE-2022-41031 | Microsoft Word Remote Code Execution Vulnerability |
| CVE-2022-38053 | Microsoft SharePoint Server Remote Code Execution Vulnerability |
| CVE-2022-38051 | Windows Graphics Component Elevation of Privilege Vulnerability |
| CVE-2022-38050 | Win32k Elevation of Privilege Vulnerability |
| CVE-2022-38049 | Microsoft Office Graphics Remote Code Execution Vulnerability |
| CVE-2022-38048 | Microsoft Office Remote Code Execution Vulnerability |
| CVE-2022-38047 | Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability |
| CVE-2022-38046 | Web Account Manager Information Disclosure Vulnerability |
| CVE-2022-38045 | Server Service Remote Protocol Elevation of Privilege Vulnerability |
| CVE-2022-38044 | Windows CD-ROM File System Driver Remote Code Execution Vulnerability |
| CVE-2022-38043 | Windows Security Support Provider Interface Information Disclosure Vulnerability |
| CVE-2022-38042 | Active Directory Domain Services Elevation of Privilege Vulnerability |
| CVE-2022-38041 | Windows Secure Channel Denial of Service Vulnerability |
| CVE-2022-38040 | Microsoft ODBC Driver Remote Code Execution Vulnerability |
| CVE-2022-38039 | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2022-38038 | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2022-38037 | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2022-38036 | Internet Key Exchange (IKE) Protocol Denial of Service Vulnerability |
| CVE-2022-38034 | Windows Workstation Service Elevation of Privilege Vulnerability |
| CVE-2022-38033 | Windows Server Remotely Accessible Registry Keys Information Disclosure Vulnerability |
| CVE-2022-38032 | Windows Portable Device Enumerator Service Security Feature Bypass Vulnerability |
| CVE-2022-38031 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability |
| CVE-2022-38030 | Windows USB Serial Driver Information Disclosure Vulnerability |
| CVE-2022-38029 | Windows ALPC Elevation of Privilege Vulnerability |
| CVE-2022-38028 | Windows Print Spooler Elevation of Privilege Vulnerability |
| CVE-2022-38027 | Windows Storage Elevation of Privilege Vulnerability |
| CVE-2022-38026 | Windows DHCP Client Information Disclosure Vulnerability |
| CVE-2022-38025 | Windows Distributed File System (DFS) Information Disclosure Vulnerability |
| CVE-2022-38022 | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2022-38021 | Connected User Experiences and Telemetry Elevation of Privilege Vulnerability |
| CVE-2022-38017 | StorSimple 8000 Series Elevation of Privilege Vulnerability |
| CVE-2022-38016 | Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability |
| CVE-2022-38003 | Windows Resilient File System Elevation of Privilege |
| CVE-2022-38001 | Microsoft Office Spoofing Vulnerability |
| CVE-2022-38000 | Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability |
| CVE-2022-37999 | Windows Group Policy Preference Client Elevation of Privilege Vulnerability |
| CVE-2022-37998 | Windows Local Session Manager (LSM) Denial of Service Vulnerability |
| CVE-2022-37997 | Windows Graphics Component Elevation of Privilege Vulnerability |
| CVE-2022-37996 | Windows Kernel Memory Information Disclosure Vulnerability |
| CVE-2022-37995 | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2022-37994 | Windows Group Policy Preference Client Elevation of Privilege Vulnerability |
| CVE-2022-37993 | Windows Group Policy Preference Client Elevation of Privilege Vulnerability |
| CVE-2022-37991 | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2022-37990 | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2022-37989 | Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability |
| CVE-2022-37988 | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2022-37987 | Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability |
| CVE-2022-37986 | Windows Win32k Elevation of Privilege Vulnerability |
| CVE-2022-37985 | Windows Graphics Component Information Disclosure Vulnerability |
| CVE-2022-37984 | Windows WLAN Service Elevation of Privilege Vulnerability |
| CVE-2022-37983 | Microsoft DWM Core Library Elevation of Privilege Vulnerability |
| CVE-2022-37982 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability |
| CVE-2022-37981 | Windows Event Logging Service Denial of Service Vulnerability |
| CVE-2022-37980 | Windows DHCP Client Elevation of Privilege Vulnerability |
| CVE-2022-37979 | Windows Hyper-V Elevation of Privilege Vulnerability |
| CVE-2022-37978 | Windows Active Directory Certificate Services Security Feature Bypass |
| CVE-2022-37977 | Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability |
| CVE-2022-37976 | Active Directory Certificate Services Elevation of Privilege Vulnerability |
| CVE-2022-37975 | Windows Group Policy Elevation of Privilege Vulnerability |
| CVE-2022-37974 | Windows Mixed Reality Developer Tools Information Disclosure Vulnerability |
| CVE-2022-37973 | Windows Local Session Manager (LSM) Denial of Service Vulnerability |
| CVE-2022-37971 | Microsoft Windows Defender Elevation of Privilege Vulnerability |
| CVE-2022-37970 | Windows DWM Core Library Elevation of Privilege Vulnerability |
| CVE-2022-37968 | Azure Arc-enabled Kubernetes cluster Connect Elevation of Privilege Vulnerability |
| CVE-2022-37965 | Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerability |
| CVE-2022-35829 | Service Fabric Explorer Spoofing Vulnerability |
| CVE-2022-35770 | Windows NTLM Spoofing Vulnerability |
| CVE-2022-34689 | Windows CryptoAPI Spoofing Vulnerability |
| CVE-2022-33645 | Windows TCP/IP Driver Denial of Service Vulnerability |
| CVE-2022-33635 | Windows GDI+ Remote Code Execution Vulnerability |
| CVE-2022-33634 | Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability |
| CVE-2022-30198 | Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability |
| CVE-2022-30134 | Microsoft Exchange Information Disclosure Vulnerability |
| CVE-2022-24516 | Microsoft Exchange Server Elevation of Privilege Vulnerability |
| CVE-2022-24504 | Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability |
| CVE-2022-24477 | Microsoft Exchange Server Elevation of Privilege Vulnerability |
| CVE-2022-22035 | Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability |
| CVE-2022-21980 | Microsoft Exchange Server Elevation of Privilege Vulnerability |
| CVE-2022-21979 | Microsoft Exchange Information Disclosure Vulnerability |
"*" indicates required fields
Receive the Latest Patch Tuesday Report for FREE Every Month
