Microsoft Patch Tuesday

Published On: October 21, 2022Categories: Cyber Briefs

In today’s SensCy Cyber Brief, your SensCy team reviewed Microsoft’s latest series of patches released on Tuesday, October 11, 2022. Today’s Patch Tuesday comes with fixes for two zero-days including a zero-day vulnerability currently used by cyber criminals, and a total of 84 flaws.

What is Patch Tuesday?

Patch Tuesday is Microsoft’s initiative to release new security fixes for the Windows operating system and any other Microsoft software on a monthly basis. Your SensCy team will monitor such releases and provide you with our observations and recommendations.

Why is it important?

This month’s patch Tuesday is critical because it fixes two zero-day vulnerabilities (a vulnerability in a system or device that has been disclosed but is not yet patched). The SensCy team recommends Microsoft users install those patches immediately.

One of the zero-day vulnerabilities is actively exploited by hackers and is referred to as CVE-2022-41033. According to Microsoft’s advisory “An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.” The other publicly disclosed zero-day tracked as CVE-2022-41043 could give hackers the opportunity to access user’s authentication token.

In addition to the zero-day fix, Microsoft is also fixing 84 vulnerabilities, with thirteen classified as “Critical” as they allow privileged elevation, remote code execution, spoofing.

Here is a breakdown of each vulnerability category:

  • 39 Elevation of Privilege Vulnerabilities
  • 2 Security Feature Bypass Vulnerabilities
  • 20 Remote Code Execution Vulnerabilities
  • 11 Information Disclosure Vulnerabilities
  • 8 Denial of Service Vulnerabilities
  • 4 Spoofing Vulnerabilities

For more information on vulnerabilities and the system that it effects, please refer to the full report from Microsoft linked here.

If you have any questions or concerns regarding patch Tuesday and are unsure of the implication of the new updates on your company, please reach out to SensCy.

Related Posts

  • November 29, 2022

    Categories: Cyber Briefs

    In today’s SensCy Cyber Brief, your SensCy team is investigating Business Email Compromise (BEC) fraud and methods used by threat actors that could leave your [...]

  • November 4, 2022

    Categories: Cyber Briefs

    In today’s SensCy Cyber Brief, your SensCy team recommends Google Chrome Browser users to install the new Chrome Version immediately. The new update was released [...]

  • October 24, 2022

    Categories: Cyber Briefs

    On Wednesday, October 19, Microsoft confirmed that it accidentally exposed information about thousands of customers following a misconfiguration that left an endpoint publicly accessible without [...]