Microsoft released its monthly security update on Tuesday, disclosing 48 vulnerabilities. Of these vulnerabilities, 6 are classified as “Critical”, 41 are classified as “Important”, with the remaining vulnerability classified as “Moderate.”

One of the critical vulnerabilities, which Microsoft considers to be “more likely” to be exploited, is CVE-2022-41076, a remote code execution (RCE) vulnerability in Windows PowerShell which could allow a previously authenticated attacker to escape the PowerShell Remoting Session Configuration and run unauthorized commands on compromised systems.

Another critical vulnerability, CVE-2022-41127, affects Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central. Successful exploitation could allow an attacker to execute code on Dynamics NAV servers within the context of the service account under which Dynamics is running.

Two additional critical vulnerabilities, CVE-2022-44670 and CVE-2022-44676, are remote code execution vulnerabilities affecting the Windows Secure Socket Tunneling Protocol (SSTP). Successful exploitation of these vulnerabilities requires an attacker to win a race condition but could enable an attacker to remotely execute code on RAS servers.

The final two critical vulnerabilities being addressed this month are remote code execution vulnerabilities in Microsoft SharePoint Server. Successful exploitation of CVE-2022-44690 or CVE-2022-44693 could enable an attacker to execute code on SharePoint Servers but requires the attacker to first be authenticated and granted the ability to use the Manage Lists feature in SharePoint.

Talos would also like to highlight 6 important vulnerabilities that Microsoft considers to be “more likely” to be exploited.

  • CVE-2022-41121: Windows Graphics Component Elevation of Privilege Vulnerability
  • CVE-2022-44671: Windows Graphics Component Elevation of Privilege Vulnerability
  • CVE-2022-44673: Windows Client Server Run-Time Subsystem (CSRSS) Elevation of Privilege Vulnerability
  • CVE-2022-44675: Windows Bluetooth Driver Elevation of Privilege Vulnerability
  • CVE-2022-44683: Windows Kernel Elevation of Privilege Vulnerability
  • CVE-2022-44704: Microsoft Windows Sysmon Elevation of Privilege Vulnerability

A complete list of all the vulnerabilities Microsoft disclosed this month is available on its update page.

In response to these vulnerability disclosures, Talos is releasing a new Snort rule set that detects attempts to exploit some of them. Please note that additional rules may be released at a future date and current rules are subject to change pending additional information. Cisco Secure Firewall customers should use the latest update to their ruleset by updating their SRU. Open-source Snort Subscriber Rule Set customers can stay up to date by downloading the latest rule pack available for purchase on Snort.org.

The rules included in this release that protect against the exploitation of many of these vulnerabilities are 60972 - 60975 and 60977 - 60978. For Snort 3, the following rules are also available to protect against these vulnerabilities: 300339 - 300341.