- Windows Common Log File System Driver Elevation of Privilege Vulnerability (CVE-2022-37969)
- Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability (CVE-2022-34722)
- Windows COM+ Event System Service Elevation of Privilege (EoP) Vulnerability (CVE-2022-41033)
- Windows SMB Denial-of-Service Vulnerability (CVE-2022-32230)
- Windows IIS Server Elevation of Privilege Vulnerability (CVE-2022-30209)
- Microsoft Office Information Disclosure Vulnerability (CVE-2022-41043)
- Windows Print Spooler Elevation of Privilege Vulnerability (CVE-2022-38028)
- Windows Event Logging Service Denial of Service Vulnerability (CVE-2022-37981)
- Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability (CVE-2022-41100)
- Windows Server Service Tampering Vulnerability (CVE-2022-30216)
Microsoft has confirmed it as the elevation of privilege in the Windows common log file system, if an attack is successful, the attacker might gain access to all the system privileges that allow the threat actor to gain complete control of the targeted machine. Also, the exploit code is available in the wild, so, with minimal user interaction a system can be exploited. But this vulnerability needs to execute a code after gaining access to the target system. This can be done by some sort of phishing attacks to use malware for gaining access to the system. CVE-2022-37969 is not that complex so it might become a cyber weapon soon. It is recommended to harden your system as soon as possible to help prevent this vulnerability.
2. Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability (CVE-2022-34722)
This is a remote code execution vulnerability in the Windows Internet Key Exchange protocol, marked as a critical vulnerability by Microsoft. It is also pretty simple to handle because of its low complexity which allows the attackers to attack without user interaction. In this vulnerability, an unidentified and unauthenticated remote user sends a crafted IP packet to the target machine running Windows. There is also a pre-requisite to this exploit, which is, IPSec service must be enabled. With IPSec enabled this remote code execution vulnerability can subsist.
CVE-2022-41033 is an elevation of privilege vulnerability in Windows COM+ Event System Service. October 2022 patch Tuesday disclosed this as a zero-day vulnerability in terms of prioritization this comes at the top. As, it can affect all versions of Windows, starting from Windows 7 to Windows 11. If exploited it will give a huge impact by loss of confidentiality and integrity. A threat actor can gain system privileges by successfully exploiting this vulnerability. This also requires social engineering to attack but if socially engineered then it might become a risk.
Server Message Block (SMB) is a file-sharing protocol over the network. Allowing to read and write to files over the network and to request services from programs on the server. CVE-2022-32230 is a denial of service vulnerability in Windows Server Message Block. This vulnerability can be exploited when a remote and unauthenticated attacker triggers a denial of service condition on the target device. This is made possible by leveraging a flaw leading to the deference of a null pointer in Windows kernel.
5. Windows IIS Server Elevation of Privilege Vulnerability (CVE-2022-30209)
Internet Information Services (IIS) server is a web server from Microsoft that serves the request for HTML pages or files. CVE-2022-30209 is an elevation of privilege vulnerability in Windows IIS server. This vulnerability exists when the length of a buffer is not checked by the IIS server before copying memory to it. An attacker who successfully exploits this vulnerability can run an unprivileged function to execute a code in the system.
CVE-2022-41043 is an information disclosure vulnerability in Microsoft Office Suite. If this vulnerability is successfully exploited it might be able to leak user tokens and other potentially sensitive information. To exploit this vulnerability the target system user must be interacting with the system. As a result, the confidentiality of the user will be affected. A hardening policy there must be enacted to achieve baseline hardening to prevent the attack.
7. Windows Print Spooler Elevation of Privilege Vulnerability (CVE-2022-38028)
CVE-2022-38028 is an elevation of privilege vulnerability in Windows Print Spooler service, marked as critical by Microsoft. If this vulnerability is exploited then an unknown component of Windows Print Spooler is affected. In return, there is a loss of integrity, availability, and confidentiality. To mitigate this critical vulnerability a patch must be applied immediately.
8. Windows Event Logging Service Denial of Service Vulnerability (CVE-2022-37981)
CVE-2022-37981 is a denial of service vulnerability in Windows Event Logging service. This vulnerability has been dubbed to OverLog. OverLog allows remote access to the system's event logs. It causes a denial of service attack by filling the storage drive of any Windows machine. But OverLog cannot fully deny the service only affecting the system logs partially. As a part of the remediation process, Microsoft has released a patch restricting the access of local administrators to the Internet Explorer Event Log.
9. Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability (CVE-2022-41100)
CVE-2022-41100 is an elevation of privilege vulnerability in Windows Advance Local Procedure Call. This CVE ID is different than the CVE ID's CVE-2022-41045 and CVE-2022-41093. An attacker who successfully exploited this vulnerability can gain access to System privileges which can become fatal. But to exploit this vulnerability the attacker is required to win a race condition as the attack complexity of this vulnerability is very high according to the CVSS score.
CVE-2022-30216 is a tampering vulnerability in Windows Server service. A system with this vulnerability allows the threat actor to perform server spoofing on affected systems. It exists in newly implemented Server Services (srvsvc) released in the latest versions of Windows. Successful exploitation of this vulnerability allows the attacker to perform an RCE (Remote Code Execution) on the target domain controller. Microsoft released patches to overcome this vulnerability in the form of KB articles.
In the October 2022 patches, Microsoft addressed in their user guide a total of 84 vulnerabilities, which encompassed 13 critical vulnerabilities capable of enabling Elevation of Privilege (EoP), Remote Code Execution (RCE), and Spoofing
These vulnerabilities can be mitigated by following some basic steps:
- Keeping your Windows updated, as, Microsoft continuously releases patches for security fixes. By keeping up to date you might be able to mitigate some of these vulnerabilities.
- Make your employees acknowledge the importance of cybersecurity and how to protect themselves from cyber attacks.
- Hardening all the end-points in your infrastructure, so that you always have control over the configuration of your system, which will certainly decrease the attack surface. The best approach is to use Automated Server Hardening to mitigate these vulnerabilities.