Microsoft has released 64 patches addressing security vulnerabilities across its products including 11 flaws that are classed as critical – and six vulnerabilities that are actively being exploited by cyber attackers.
The security flaws impact Microsoft products including Windows, Microsoft Azure, Microsoft Exchange Server, Microsoft Office and more, some of which have been targeted by malicious hackers for months.
Two of the critical updates address security vulnerabilities in Microsoft Exchange Server that have been under active attack since September – CVE-2022-41082 and CVE-2022-41040.
CVE-2022-41040 is a server-side request forgery (SSRF) vulnerability, a flaw that lets attackers cause the server-side application to make requests to an unintended location – for example, allowing them to access internal services without being within the perimeter of the network.
CVE-2022-41082 allows remote code execution when PowerShell is accessible to the attacker. Previously, Microsoft had only released mitigations for the vulnerabilities, but patches are now available which, if applied, can prevent attackers from exploiting them to access networks – and these should be applied as soon as possible.
Another vulnerability described as both critical and actively being exploited in the wild is CVE-2022-41128, a remote code execution vulnerability in Windows Scripting Languages. To exploit the vulnerability, attackers need to lure victims to specially crafted websites or servers, something that could be achieved with a phishing attack; they can then exploit the flaw to run code.
Microsoft hasn’t detailed how widely exploited this vulnerability is, but it’s likely to be a go-to tool for cyber criminals.
“Considering it’s a browse-and-own type of scenario, I expect this will be a popular bug to include in exploit kits,” said Dustin Childs of Zero Day Initiative, a scheme with the aim of encouraging the reporting of zero-day vulnerabilities.
Three of the vulnerabilities classed as ‘important’ are also being exploited by attackers and should be patched as soon as possible.
These include CVE-2022-41091, a Windows Mark of the Web (MotW) security feature bypass vulnerability that allows attackers to get around Microsoft Windows defenses that are supposed to identify files coming from an untrusted source by issuing a security warning.
When the vulnerability is exploited correctly, no alert is issued, meaning the user is unaware that they could be subject to malicious activity. The vulnerability was publicly disclosed in October and can now be patched.
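To check which files in a folder Windows currently treats as coming from an untrusted source, the following added example (not from the article) reads the mark directly. It assumes the standard storage of the mark in an NTFS alternate data stream named Zone.Identifier; the function name Get-MotwStatus and the sample files are constructed for illustration.

```powershell
# Added example, not from the article. Requires Windows with an NTFS volume.
# Zone numbers as recorded in the ZoneId field of the mark.
$ZoneNames = @{ 0 = 'Local machine'; 1 = 'Local intranet'; 2 = 'Trusted sites'; 3 = 'Internet'; 4 = 'Restricted sites' }

function Get-MotwStatus {
    # Reports whether each file under -Path carries a Mark of the Web, and from which zone.
    # Get-MotwStatus is a hypothetical helper name, not a built-in cmdlet.
    param([Parameter(Mandatory)][string]$Path)

    Get-ChildItem -LiteralPath $Path -File -Recurse | ForEach-Object {
        # The mark is stored in an NTFS alternate data stream named Zone.Identifier.
        $stream = Get-Content -LiteralPath $_.FullName -Stream 'Zone.Identifier' -ErrorAction SilentlyContinue
        $zoneId = $null; $hostUrl = $null
        foreach ($line in $stream) {
            if ($line -match '^\s*ZoneId\s*=\s*(\d+)\s*$') { $zoneId = [int]$Matches[1] }
            elseif ($line -match '^\s*HostUrl\s*=\s*(.+)$') { $hostUrl = $Matches[1].Trim() }
        }
        $zone = 'none'
        if ($null -ne $zoneId) {
            $zone = if ($ZoneNames.ContainsKey($zoneId)) { $ZoneNames[$zoneId] } else { "unknown ($zoneId)" }
        }
        [pscustomobject]@{
            File    = $_.Name
            Marked  = ($null -ne $stream)   # False means Windows has no record of an untrusted origin
            Zone    = $zone
            HostUrl = $hostUrl
        }
    }
}

# Constructed sample: two temporary files, one given a constructed Internet-zone mark.
$demo = Join-Path $env:TEMP ("motw-demo-" + [guid]::NewGuid())
New-Item -ItemType Directory -Path $demo | Out-Null
Set-Content -LiteralPath (Join-Path $demo 'marked.txt') -Value 'sample'
Set-Content -LiteralPath (Join-Path $demo 'unmarked.txt') -Value 'sample'
Set-Content -LiteralPath (Join-Path $demo 'marked.txt') -Stream 'Zone.Identifier' `
    -Value "[ZoneTransfer]`r`nZoneId=3`r`nHostUrl=https://example.invalid/sample.txt"

Get-MotwStatus -Path $demo | Format-Table -AutoSize
Remove-Item -LiteralPath $demo -Recurse -Force
```

Pointed at a real download folder, files that arrived from the internet but show `Marked = False` are the ones that will open without the security warning.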
Another vulnerability being actively exploited, which Microsoft’s Patch Tuesday update addresses, is CVE-2022-41125 – an elevation of privilege vulnerability in the Windows Cryptography API: Next Generation (CNG) Key Isolation Service. If exploited correctly, the vulnerability allows an attacker to run code.
The sixth vulnerability being used by attackers that is receiving a patch to help protect against exploitation is CVE-2022-41073, a Windows Print Spooler elevation of privilege vulnerability. It represents yet another patch designed to prevent attackers from exploiting PrintNightmare flaws, which were first disclosed in July last year but continue to be a popular attack vector for cyber attackers.
Microsoft hasn’t detailed how widespread attacks going after the three ‘important’ vulnerabilities are.
It’s recommended that the Microsoft Patch Tuesday updates are applied as soon as possible to prevent malicious hackers from exploiting vulnerabilities – especially when it’s known that several of the flaws are already being actively targeted.