No Exchange Patches But TLS Issues

On patch day in October 2022, Microsoft is again releasing over 80 patches. These do not include any updates for the recently discovered vulnerabilities in Exchange, but there are two updates for publicly known vulnerabilities that should be installed as a matter of urgency.

The patch day in October 2022 again brings almost 80 patches from Microsoft. These include two updates classified as important that close publicly known security gaps that are already under attack. Microsoft is not closing the recently disclosed security gaps in Exchange on this patch day; the updates for them are apparently not yet ready.

Tip for securing Exchange servers

Exchange admins should always have the latest updates for Exchange installed, especially the latest cumulative update for the relevant Exchange version. This includes the Emergency Mitigation Service, which helps to close security gaps. The Exchange gaps were uncovered by two researchers from the security company GTSC. All Exchange versions from Exchange Server 2013 onward are affected. Microsoft also warns of the vulnerability in a separate blog post.

Exploit available: vulnerability in Windows 10/11 and Windows Server 2019/2022 and older

The vulnerability CVE-2022-41033 (Windows COM+ Event System Service Elevation of Privilege Vulnerability) is public and exploits for it already exist. The vulnerability affects all current Windows and Windows Server versions, up to and including Windows 10 and Windows 11 as well as Windows Server 2019 and Windows Server 2022.


The vulnerability allows attackers to take over a system by escalating access privileges and allowing remote code execution. Most likely, the malware enters networks via phishing attacks. Therefore, the updates should be installed as soon as possible.

Publicly known vulnerability in Microsoft Office 2019/2021

The second publicly known vulnerability is CVE-2022-41043. It affects the LTSC versions of Office 2019 and 2021. Because this vulnerability is also publicly known, these updates should also be installed quickly.

At the same time, the two critical gaps CVE-2022-38048 and CVE-2022-38049 should also be closed in Office. In addition to Office 2019/2021, the Office programs in Microsoft 365 are also affected.

CVE-2022-37987: Vulnerability in Windows allows takeover

The vulnerability CVE-2022-37987 should also be closed quickly. It allows a server or workstation to be taken over by elevation of privileges. All current Windows versions are affected here as well, i.e. Windows 10/11 and Windows Server 2019/2022. The update for CVE-2022-37989 also plays an important role: it addresses a similar vulnerability and also affects Windows.

Critical vulnerability in Active Directory Certificate Services

The CVE-2022-37976 vulnerability affects the Active Directory Certificate Services on all current Windows servers. Attackers can hijack the services and thereby gain control over the service and its certificates. The update classified as critical should therefore be installed as soon as possible.
