Październikowy Wtorek Microsoftu 2022

utworzone przez | paź 12, 2022 | Aktualizacje

Wtorkowa łata Microsoftu z 11 października 2022 r., a wraz z nią poprawki aktywnie wykorzystywanej luki w systemie Windows oraz łącznie 84 luki.

Trzynaście z 84 luk naprawionych w dzisiejszej aktualizacji sklasyfikowano jako „krytyczne”, ponieważ umożliwiają one podniesienie uprawnień, fałszowanie lub zdalne wykonanie kodu, co jest jednym z najpoważniejszych rodzajów luk. Wtorkowa łata w tym miesiącu naprawia dwie publicznie dostępne luki dnia zerowego, jedną aktywnie wykorzystywaną w atakach i jedną publicznie ujawnioną.

TagCVE IDCVE opisKrytyczność
Active Directory Domain ServicesCVE-2022-38042Active Directory Domain Services Elevation of Privilege VulnerabilityWażna
AzureCVE-2022-38017StorSimple 8000 Series Elevation of Privilege VulnerabilityWażna
Azure ArcCVE-2022-37968Azure Arc-enabled Kubernetes cluster Connect Elevation of Privilege VulnerabilityKrytyczna
Client Server Run-time Subsystem (CSRSS)CVE-2022-37987Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege VulnerabilityWażna
Client Server Run-time Subsystem (CSRSS)CVE-2022-37989Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege VulnerabilityWażna
Microsoft Edge (Chromium-based)CVE-2022-3311Chromium: CVE-2022-3311 Use after free in ImportNIeokreślona
Microsoft Edge (Chromium-based)CVE-2022-3313Chromium: CVE-2022-3313 Incorrect security UI in Full ScreenNIeokreślona
Microsoft Edge (Chromium-based)CVE-2022-3315Chromium: CVE-2022-3315 Type confusion in BlinkNIeokreślona
Microsoft Edge (Chromium-based)CVE-2022-3370Chromium: CVE-2022-3370 Use after free in Custom ElementsNIeokreślona
Microsoft Edge (Chromium-based)CVE-2022-3373Chromium: CVE-2022-3373 Out of bounds write in V8NIeokreślona
Microsoft Edge (Chromium-based)CVE-2022-3316Chromium: CVE-2022-3316 Insufficient validation of untrusted input in Safe BrowsingNIeokreślona
Microsoft Edge (Chromium-based)CVE-2022-3317Chromium: CVE-2022-3317 Insufficient validation of untrusted input in IntentsNIeokreślona
Microsoft Edge (Chromium-based)CVE-2022-3310Chromium: CVE-2022-3310 Insufficient policy enforcement in Custom TabsNIeokreślona
Microsoft Edge (Chromium-based)CVE-2022-3304Chromium: CVE-2022-3304 Use after free in CSSNIeokreślona
Microsoft Edge (Chromium-based)CVE-2022-41035Microsoft Edge (Chromium-based) Spoofing VulnerabilityUmiarkowana
Microsoft Edge (Chromium-based)CVE-2022-3308Chromium: CVE-2022-3308 Insufficient policy enforcement in Developer ToolsNIeokreślona
Microsoft Edge (Chromium-based)CVE-2022-3307Chromium: CVE-2022-3307 Use after free in MediaNIeokreślona
Microsoft Graphics ComponentCVE-2022-37986Windows Win32k Elevation of Privilege VulnerabilityWażna
Microsoft Graphics ComponentCVE-2022-38051Windows Graphics Component Elevation of Privilege VulnerabilityWażna
Microsoft Graphics ComponentCVE-2022-37997Windows Graphics Component Elevation of Privilege VulnerabilityWażna
Microsoft Graphics ComponentCVE-2022-37985Windows Graphics Component Information Disclosure VulnerabilityWażna
Microsoft Graphics ComponentCVE-2022-33635Windows GDI+ Remote Code Execution VulnerabilityWażna
Microsoft OfficeCVE-2022-38001Microsoft Office Spoofing VulnerabilityWażna
Microsoft OfficeCVE-2022-38048Microsoft Office Remote Code Execution VulnerabilityKrytyczna
Microsoft OfficeCVE-2022-41043Microsoft Office Information Disclosure VulnerabilityWażna
Microsoft Office SharePointCVE-2022-38053Microsoft SharePoint Server Remote Code Execution VulnerabilityWażna
Microsoft Office SharePointCVE-2022-41036Microsoft SharePoint Server Remote Code Execution VulnerabilityWażna
Microsoft Office SharePointCVE-2022-41038Microsoft SharePoint Server Remote Code Execution VulnerabilityKrytyczna
Microsoft Office SharePointCVE-2022-41037Microsoft SharePoint Server Remote Code Execution VulnerabilityWażna
Microsoft Office WordCVE-2022-41031Microsoft Word Remote Code Execution VulnerabilityWażna
Microsoft Office WordCVE-2022-38049Microsoft Office Graphics Remote Code Execution VulnerabilityWażna
Microsoft WDAC OLE DB provider for SQLCVE-2022-37982Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution VulnerabilityWażna
Microsoft WDAC OLE DB provider for SQLCVE-2022-38031Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution VulnerabilityWażna
NuGet ClientCVE-2022-41032NuGet Client Elevation of Privilege VulnerabilityWażna
Remote Access Service Point-to-Point Tunneling ProtocolCVE-2022-37965Windows Point-to-Point Tunneling Protocol Denial of Service VulnerabilityWażna
Role: Windows Hyper-VCVE-2022-37979Windows Hyper-V Elevation of Privilege VulnerabilityKrytyczna
Service FabricCVE-2022-35829Service Fabric Explorer Spoofing VulnerabilityWażna
Visual Studio CodeCVE-2022-41042Visual Studio Code Information Disclosure VulnerabilityWażna
Visual Studio CodeCVE-2022-41034Visual Studio Code Remote Code Execution VulnerabilityWażna
Visual Studio CodeCVE-2022-41083Visual Studio Code Elevation of Privilege VulnerabilityWażna
Windows Active Directory Certificate ServicesCVE-2022-37978Windows Active Directory Certificate Services Security Feature BypassWażna
Windows Active Directory Certificate ServicesCVE-2022-37976Active Directory Certificate Services Elevation of Privilege VulnerabilityKrytyczna
Windows ALPCCVE-2022-38029Windows ALPC Elevation of Privilege VulnerabilityWażna
Windows CD-ROM DriverCVE-2022-38044Windows CD-ROM File System Driver Remote Code Execution VulnerabilityWażna
Windows COM+ Event System ServiceCVE-2022-41033Windows COM+ Event System Service Elevation of Privilege VulnerabilityWażna
Windows Connected User Experiences and TelemetryCVE-2022-38021Connected User Experiences and Telemetry Elevation of Privilege VulnerabilityWażna
Windows CryptoAPICVE-2022-34689Windows CryptoAPI Spoofing VulnerabilityKrytyczna
Windows DefenderCVE-2022-37971Microsoft Windows Defender Elevation of Privilege VulnerabilityWażna
Windows DHCP ClientCVE-2022-38026Windows DHCP Client Information Disclosure VulnerabilityWażna
Windows DHCP ClientCVE-2022-37980Windows DHCP Client Elevation of Privilege VulnerabilityWażna
Windows Distributed File System (DFS)CVE-2022-38025Windows Distributed File System (DFS) Information Disclosure VulnerabilityWażna
Windows DWM Core LibraryCVE-2022-37970Windows DWM Core Library Elevation of Privilege VulnerabilityWażna
Windows DWM Core LibraryCVE-2022-37983Microsoft DWM Core Library Elevation of Privilege VulnerabilityWażna
Windows Event Logging ServiceCVE-2022-37981Windows Event Logging Service Denial of Service VulnerabilityWażna
Windows Group PolicyCVE-2022-37975Windows Group Policy Elevation of Privilege VulnerabilityWażna
Windows Group Policy Preference ClientCVE-2022-37994Windows Group Policy Preference Client Elevation of Privilege VulnerabilityWażna
Windows Group Policy Preference ClientCVE-2022-37993Windows Group Policy Preference Client Elevation of Privilege VulnerabilityWażna
Windows Group Policy Preference ClientCVE-2022-37999Windows Group Policy Preference Client Elevation of Privilege VulnerabilityWażna
Windows Internet Key Exchange (IKE) ProtocolCVE-2022-38036Internet Key Exchange (IKE) Protocol Denial of Service VulnerabilityWażna
Windows KernelCVE-2022-37988Windows Kernel Elevation of Privilege VulnerabilityWażna
Windows KernelCVE-2022-38037Windows Kernel Elevation of Privilege VulnerabilityWażna
Windows KernelCVE-2022-37990Windows Kernel Elevation of Privilege VulnerabilityWażna
Windows KernelCVE-2022-38038Windows Kernel Elevation of Privilege VulnerabilityWażna
Windows KernelCVE-2022-38039Windows Kernel Elevation of Privilege VulnerabilityWażna
Windows KernelCVE-2022-37995Windows Kernel Elevation of Privilege VulnerabilityWażna
Windows KernelCVE-2022-37991Windows Kernel Elevation of Privilege VulnerabilityWażna
Windows KernelCVE-2022-38022Windows Kernel Elevation of Privilege VulnerabilityWażna
Windows Local Security Authority (LSA)CVE-2022-38016Windows Local Security Authority (LSA) Elevation of Privilege VulnerabilityWażna
Windows Local Security Authority Subsystem Service (LSASS)CVE-2022-37977Local Security Authority Subsystem Service (LSASS) Denial of Service VulnerabilityWażna
Windows Local Session Manager (LSM)CVE-2022-37973Windows Local Session Manager (LSM) Denial of Service VulnerabilityWażna
Windows Local Session Manager (LSM)CVE-2022-37998Windows Local Session Manager (LSM) Denial of Service VulnerabilityWażna
Windows NTFSCVE-2022-37996Windows Kernel Memory Information Disclosure VulnerabilityWażna
Windows NTLMCVE-2022-35770Windows NTLM Spoofing VulnerabilityWażna
Windows ODBC DriverCVE-2022-38040Microsoft ODBC Driver Remote Code Execution VulnerabilityWażna
Windows Perception Simulation ServiceCVE-2022-37974Windows Mixed Reality Developer Tools Information Disclosure VulnerabilityWażna
Windows Point-to-Point Tunneling ProtocolCVE-2022-33634Windows Point-to-Point Tunneling Protocol Remote Code Execution VulnerabilityKrytyczna
Windows Point-to-Point Tunneling ProtocolCVE-2022-22035Windows Point-to-Point Tunneling Protocol Remote Code Execution VulnerabilityKrytyczna
Windows Point-to-Point Tunneling ProtocolCVE-2022-24504Windows Point-to-Point Tunneling Protocol Remote Code Execution VulnerabilityKrytyczna
Windows Point-to-Point Tunneling ProtocolCVE-2022-38047Windows Point-to-Point Tunneling Protocol Remote Code Execution VulnerabilityKrytyczna
Windows Point-to-Point Tunneling ProtocolCVE-2022-41081Windows Point-to-Point Tunneling Protocol Remote Code Execution VulnerabilityKrytyczna
Windows Point-to-Point Tunneling ProtocolCVE-2022-30198Windows Point-to-Point Tunneling Protocol Remote Code Execution VulnerabilityKrytyczna
Windows Point-to-Point Tunneling ProtocolCVE-2022-38000Windows Point-to-Point Tunneling Protocol Remote Code Execution VulnerabilityKrytyczna
Windows Portable Device Enumerator ServiceCVE-2022-38032Windows Portable Device Enumerator Service Security Feature Bypass VulnerabilityWażna
Windows Print Spooler ComponentsCVE-2022-38028Windows Print Spooler Elevation of Privilege VulnerabilityWażna
Windows Resilient File System (ReFS)CVE-2022-38003Windows Resilient File System Elevation of PrivilegeWażna
Windows Secure ChannelCVE-2022-38041Windows Secure Channel Denial of Service VulnerabilityWażna
Windows Security Support Provider InterfaceCVE-2022-38043Windows Security Support Provider Interface Information Disclosure VulnerabilityWażna
Windows Server Remotely Accessible Registry KeysCVE-2022-38033Windows Server Remotely Accessible Registry Keys Information Disclosure VulnerabilityWażna
Windows Server ServiceCVE-2022-38045Server Service Remote Protocol Elevation of Privilege VulnerabilityWażna
Windows StorageCVE-2022-38027Windows Storage Elevation of Privilege VulnerabilityWażna
Windows TCP/IPCVE-2022-33645Windows TCP/IP Driver Denial of Service VulnerabilityWażna
Windows USB Serial DriverCVE-2022-38030Windows USB Serial Driver Information Disclosure VulnerabilityWażna
Windows Web Account ManagerCVE-2022-38046Web Account Manager Information Disclosure VulnerabilityWażna
Windows Win32KCVE-2022-38050Win32k Elevation of Privilege VulnerabilityWażna
Windows WLAN ServiceCVE-2022-37984Windows WLAN Service Elevation of Privilege VulnerabilityWażna
Windows Workstation ServiceCVE-2022-38034Windows Workstation Service Elevation of Privilege VulnerabilityWażna

Source:

https://www.bleepingcomputer.com/news/microsoft/microsoft-october-2022-patch-tuesday-fixes-zero-day-used-in-attacks-84-flaws/

https://msrc.microsoft.com/update-guide/en-ushttps://msrc.microsoft.com/update-guide/releaseNote/2022-Oct