Webinar Patch Tuesday
Thursday, November 10, 2022
Presented by Gency Myrtezai and Lauriane Mounier
Agenda
November 2022 Patch Tuesday Overview
In the News
Bulletins and Releases
Between Patch Tuesdays
Q & A
Overview
Copyright © 2022 Ivanti. All rights reserved.
November Patch Tuesday 2022
Microsoft resolved 81 CVEs in the November Patch Tuesday release including the pair of Exchange vulnerabilities referred to as ProxyNotShell (CVE-2022-41040 and CVE-2022-41082) and four zero-day vulnerabilities in the Windows OS (CVE-2022-41125, CVE-2022-41073, CVE-2022-41091, and CVE-2022-41128). Applying a risk-based prioritization approach to this month’s lineup, you will want to focus your attention on updating Exchange Server (on-premise) and the Windows OS as your top priorities.
In the News
• ProxyNotShell resolved
    ◦ https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-proxynotshell-exchange-zero-days-exploited-in-attacks/
• Google patches seventh zero-day exploit in Chrome this year
    ◦ https://www.androidpolice.com/google-chrome-desktop-zero-day-exploit-oct-2022/
• Microsoft warns of uptick in threat actor use of publicly-disclosed zero-day exploits
    ◦ https://securityaffairs.co/wordpress/138100/security/treat-actors-zero-day.html
    ◦ https://www.techtarget.com/searchsecurity/news/252527020/Microsoft-Nation-state-threats-zero-day-attacks-increasing
• Patch your mobiles: Android and iOS Exploits
    ◦ https://www.securityweek.com/google-reveals-spyware-vendors-use-samsung-phone-zero-day-exploits
    ◦ https://www.bankinfosecurity.com/apple-issues-emergency-ios-fix-as-kernel-zero-day-exploited-a-20322
    ◦ https://www.darkreading.com/edge-articles/apple-s-constant-battles-against-zero-day-exploits
Known Exploited Vulnerabilities
• CVE-2022-41040 Microsoft Exchange Server Elevation of Privilege Vulnerability
    ◦ CVSS 3.1 Scores: 8.8 / 7.9
    ◦ Severity: Critical
    ◦ Exchange Server 2013 CU 23, 2016 CU 22 & 23, 2019 CU 11 & 12
• CVE-2022-41082 Microsoft Exchange Server Remote Code Execution Vulnerability
    ◦ CVSS 3.1 Scores: 8.8 / 8.3
    ◦ Severity: Important
    ◦ Exchange Server 2013 CU 23, 2016 CU 22 & 23, 2019 CU 11 & 12
• Both subject to the ProxyNotShell attack
Known Exploited Vulnerabilities (cont)
• CVE-2022-41073 Windows Print Spooler Elevation of Privilege Vulnerability
    ◦ CVSS 3.1 Scores: 7.8 / 6.8
    ◦ Severity: Important
    ◦ Impacts all Windows workstation and server operating systems
• CVE-2022-41125 Windows CNG Key Isolation Service Elevation of Privilege Vulnerability
    ◦ CVSS 3.1 Scores: 7.8 / 6.8
    ◦ Severity: Important
    ◦ Impacts all Windows workstation and server operating systems from Windows 8.1+
    ◦ An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Known Exploited Vulnerabilities (cont)
• CVE-2022-41128 Windows Scripting Languages Remote Code Execution Vulnerability
    ◦ CVSS 3.1 Scores: 8.8 / 8.2
    ◦ Severity: Critical
    ◦ Impacts all Windows workstation and server operating systems except Server 2008
    ◦ This vulnerability requires that a user with an affected version of Windows access a malicious server. This vulnerability impacts the JScript9 scripting language.
Known Exploited and Publicly Disclosed Vulnerability
• CVE-2022-41091 Windows Mark of the Web Security Feature Bypass Vulnerability
    ◦ CVSS 3.1 Scores: 5.4 / 4.7
    ◦ Severity: Important
    ◦ Impacts Windows 10 and 11 as well as Windows Server 2016, 2019, and 2022
    ◦ An attacker can craft a malicious file that would evade Mark of the Web (MOTW) defenses, resulting in a limited loss of integrity and availability of security features such as Protected View in Microsoft Office, which rely on MOTW tagging.
Publicly Disclosed Vulnerability
• CVE-2022-37972 Microsoft Endpoint Configuration Manager Spoofing Vulnerability
    ◦ CVSS 3.1 Scores: 9.8 / 8.8
    ◦ Severity: Important
    ◦ This impacts systems running Microsoft Endpoint Configuration Manager, versions 2103 – 2207.
    ◦ Re-issue from original back in September 2022
Microsoft Patch Tuesday Updates of Interest
• Advisory 990001 Latest Servicing Stack Updates (SSU)
    ◦ https://msrc.microsoft.com/update-guide/en-US/vulnerability/ADV990001
    ◦ No stand-alone service stack updates this month
• Azure and Development Tool Updates
    ◦ Azure EFLOW
    ◦ Azure CLI
    ◦ Azure CycleCloud 7 & 8
    ◦ Azure RTOS GUIX Studio
    ◦ Visual Studio 2017 v15.9
    ◦ Visual Studio 2019 (multiple)
    ◦ Visual Studio 2022 (multiple)
    ◦ Windows Subsystem for Linux (WSL2)
Server 2012/2012 R2 EOL is Coming
• Lifecycle Fact Sheet
    ◦ https://docs.microsoft.com/en-us/lifecycle/products/windows-server-2012-r2
Source: Microsoft
Windows 10 and 11 Lifecycle Awareness

Windows 10 Enterprise and Education
Version   Release Date   End of Support Date
21H2      11/16/2021     6/11/2024
21H1      5/18/2021      12/13/2022
20H2      10/20/2020     5/9/2023

Windows 10 Home and Pro
Version   Release Date   End of Support Date
21H2      11/16/2021     6/13/2023
21H1      5/18/2021      12/13/2022

Windows Datacenter and Standard Server
Version   Release Date   End of Support Date
2019      11/13/2019     1/9/2024
2022      8/18/2021      10/13/2026

Windows 11 Home and Pro
Version   Release Date   End of Support Date
21H2      10/4/2021      10/10/2023
22H2      9/20/2022      10/8/2024

• Lifecycle Fact Sheet
    ◦ https://docs.microsoft.com/en-us/lifecycle/faq/windows
Patch Content Announcements
• Announcements Posted on Community Forum Pages
    ◦ https://forums.ivanti.com/s/group/CollaborationGroup/00Ba0000009oKICEA2
    ◦ Subscribe to receive email for the desired product(s)
Bulletins and Releases
MS22-11-W11: Windows 11 Update
• Maximum Severity: Critical
• Affected Products: Microsoft Windows 11 Version 21H2, 22H2, and Edge Chromium
• Description: This bulletin references KB 5019961 (21H2) and KB 5019980 (22H2).
• Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Elevation of Privilege and Information Disclosure
• Fixes 37 Vulnerabilities: CVE-2022-41073, CVE-2022-41125, and CVE-2022-41128 are known exploited. CVE-2022-41091 is publicly disclosed and known exploited. See the Security Update Guide for the complete list of CVEs.
• Restart Required: Requires restart
• Known Issues: See next slide
November Known Issues for Windows 11
• KB 5019980 – Windows 11 version 22H2
    ◦ [Provision] Using provisioning packages on Windows 11, version 22H2 (also called Windows 11 2022 Update) might not work as expected. Windows might only be partially configured, and the Out Of Box Experience might not finish or might restart unexpectedly. Workaround: Provision before updating to 22H2. Microsoft is working on a resolution.
    ◦ [Slow Copy] Copying large multiple gigabyte (GB) files might take longer than expected to finish on Windows 11, version 22H2. Workaround: Use file copy tools that do not use cache manager (buffered I/O). See KB for multiple mitigations. Microsoft is working on a resolution.
MS22-11-W10: Windows 10 Update
• Maximum Severity: Critical
• Affected Products: Microsoft Windows 10 Versions 1607, 1809, 20H2, 21H1, 21H2, Server 2016, Server 2019, Server 2022, Server 2022 Datacenter: Azure Edition and Edge Chromium
• Description: This bulletin references 6 KB articles. See KBs for the list of changes.
• Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Spoofing, Elevation of Privilege and Information Disclosure
• Fixes 40 Vulnerabilities: CVE-2022-41073, CVE-2022-41125, and CVE-2022-41128 are known exploited. CVE-2022-41091 is publicly disclosed and known exploited. See the Security Update Guide for the complete list of CVEs.
• Restart Required: Requires restart
• Known Issues: See next slide
November Known Issues for Windows 10
• KB 5019966 – Windows 10 Enterprise 2019 LTSC, Windows 10 IoT Enterprise 2019 LTSC, Windows 10 IoT Core 2019 LTSC, Windows Server 2019
    ◦ [Cluster Update] After installing KB 5001342 or later, the Cluster Service might fail to start because a Cluster Network Driver is not found. Workaround: This issue occurs because of an update to the PnP class drivers used by this service. After about 20 minutes, you should be able to restart your device and not encounter this issue. For more information about the specific errors, cause, and workaround for this issue, please see KB 5003571.
November Known Issues for Windows 10 (cont)
• KB 5019959 – Windows 10 Enterprise and Education version 20H2, Windows 10 IoT Enterprise version 20H2, Windows 10 on Surface Hub, Windows 10 version 21H1, Windows 10 version 21H2, Windows 10 version 22H2
    ◦ [Edge Removed] Devices with Windows installations created from custom offline media or custom ISO image might have Microsoft Edge Legacy removed by this update, but not automatically replaced by the new Microsoft Edge. Devices that connect directly to Windows Update to receive updates are not affected. Workaround: Slipstream the SSU released March 29, 2021 or later into the custom offline media or ISO image before slipstreaming the LCU. Or install Microsoft Edge if you have encountered affected media. See KB for details.
MS22-11-IE: Security Updates for Internet Explorer
• Maximum Severity: Critical
• Affected Products: Internet Explorer 11
• Description: The improvements that are included in this update are also included in the November 2022 Security Monthly Quality Rollup. Installing either this update or the Security Monthly Quality Rollup installs the same improvements. This bulletin references KB 5019958.
• Impact: Remote Code Execution
• Fixes 2 Vulnerabilities: CVE-2022-41128 is known exploited. See the Security Update Guide for the complete list of CVEs.
• Restart Required: Requires browser restart
• Known Issues: None reported
MS22-11-MR2K8-ESU: Monthly Rollup for Windows Server 2008
• Maximum Severity: Critical
• Affected Products: Microsoft Windows Server 2008 and IE 9
• Description: This cumulative security update contains improvements that are part of update KB 5017358 (released October 11, 2022). Addressed issues related to the Forest Trust creation process, as well as updates to the Kerberos and NetLogon protocols. Bulletin is based on KB 5020019.
• Impact: Remote Code Execution, Denial of Service, Elevation of Privilege and Information Disclosure
• Fixes 19 Vulnerabilities: CVE-2022-41073 is known exploited. See the Security Update Guide for the complete list of CVEs.
• Restart Required: Requires restart
• Known Issues: See next slide
November Known Issues for Server 2008
• KB 5020019 – Windows Server 2008 (Monthly Rollup)
    ◦ [Domain Join] After this update or a later Windows update is installed, domain join operations might be unsuccessful and error "0xaac (2732): NERR_AccountReuseBlockedByPolicy" occurs. Additionally, text stating "An account with the same name exists in Active Directory. Re-using the account was blocked by security policy" might be displayed. Workaround: Microsoft has added guidance to KB 5020276 and is evaluating whether optimizations can be made in a future Windows Update.
• KB 5020005 – Windows Server 2008 (Security-only Update)
    ◦ [Domain Join]
MS22-11-SO2K8-ESU: Security-only Update for Windows Server 2008
• Maximum Severity: Critical
• Affected Products: Microsoft Windows Server 2008
• Description: Addressed issues related to the Forest Trust creation process, as well as updates to the Kerberos and NetLogon protocols. Bulletin is based on KB 5020005.
• Impact: Remote Code Execution, Denial of Service, Elevation of Privilege and Information Disclosure
• Fixes 19 Vulnerabilities: CVE-2022-41073 is known exploited. See the Security Update Guide for the complete list of CVEs.
• Restart Required: Requires restart
• Known Issues: See previous slide
MS22-11-MR7-ESU: Monthly Rollup for Win 7
MS22-11-MR2K8R2-ESU: Monthly Rollup for Server 2008 R2
• Maximum Severity: Critical
• Affected Products: Microsoft Windows 7, Server 2008 R2, and IE 11
• Description: This cumulative security update contains improvements that are part of update KB 5017361 (released October 11, 2022). Addressed issues related to DCOM hardening authentication, an Azure AD application proxy connector, the Forest Trust creation process, as well as updates to the Kerberos and NetLogon protocols. Bulletin is based on KB 5020000.
• Impact: Remote Code Execution, Denial of Service, Elevation of Privilege and Information Disclosure
• Fixes 24 Vulnerabilities: CVE-2022-41073 and CVE-2022-41128 are known exploited. See the Security Update Guide for the complete list of CVEs.
• Restart Required: Requires restart
• Known Issues: [Domain Join]
MS22-11-SO7-ESU: Security-only Update for Win 7
MS22-11-SO2K8R2-ESU: Security-only Update for Server 2008 R2
• Maximum Severity: Critical
• Affected Products: Microsoft Windows 7 and Server 2008 R2
• Description: Addressed issues related to DCOM hardening authentication, an Azure AD application proxy connector, the Forest Trust creation process, as well as updates to the Kerberos and NetLogon protocols. Bulletin is based on KB 5020013.
• Impact: Remote Code Execution, Denial of Service, Elevation of Privilege and Information Disclosure
• Fixes 24 Vulnerabilities: CVE-2022-41073 and CVE-2022-41128 are known exploited. See the Security Update Guide for the complete list of CVEs.
• Restart Required: Requires restart
• Known Issues: [Domain Join]
MS22-11-MR8: Monthly Rollup for Server 2012
• Maximum Severity: Critical
• Affected Products: Microsoft Windows Server 2012 and IE
• Description: This cumulative security update contains improvements that are part of update KB 5017370 (released October 11, 2022). Addressed issues related to the Forest Trust creation process, as well as updates to the Kerberos and NetLogon protocols. Bulletin is based on KB 5020009.
• Impact: Remote Code Execution, Denial of Service, Elevation of Privilege and Information Disclosure
• Fixes 23 Vulnerabilities: CVE-2022-41073, CVE-2022-41125, and CVE-2022-41128 are known exploited. See the Security Update Guide for the complete list of CVEs.
• Restart Required: Requires restart
• Known Issues: [Domain Join]
MS22-11-SO8: Security-only Update for Windows Server 2012
• Maximum Severity: Critical
• Affected Products: Microsoft Windows Server 2012
• Description: Addressed issues related to the Forest Trust creation process, as well as updates to the Kerberos and NetLogon protocols. Bulletin is based on KB 5020003.
• Impact: Remote Code Execution, Denial of Service, Elevation of Privilege and Information Disclosure
• Fixes 23 Vulnerabilities: CVE-2022-41073, CVE-2022-41125, and CVE-2022-41128 are known exploited. See the Security Update Guide for the complete list of CVEs.
• Restart Required: Requires restart
• Known Issues: [Domain Join]
MS22-11-MR81: Monthly Rollup for Win 8.1 and Server 2012 R2
• Maximum Severity: Critical
• Affected Products: Microsoft Windows 8.1, Server 2012 R2, and IE
• Description: This cumulative security update includes improvements that are part of update KB 5018474 (released October 11, 2022). Bulletin is based on KB 5020023.
• Impact: Remote Code Execution, Denial of Service, Elevation of Privilege and Information Disclosure
• Fixes 26 Vulnerabilities: CVE-2022-41073, CVE-2022-41125, and CVE-2022-41128 are known exploited. See the Security Update Guide for the complete list of CVEs.
• Restart Required: Requires restart
• Known Issues: [Domain Join]
NOTE: Microsoft displays a dialog box to remind users about the EOS for Windows 8.1 in January 2023.
MS22-11-SO81: Security-only Update for Win 8.1 and Server 2012 R2
• Maximum Severity: Critical
• Affected Products: Microsoft Windows 8.1, Server 2012 R2
• Description: Bulletin is based on KB 5020010.
• Impact: Remote Code Execution, Denial of Service, Elevation of Privilege and Information Disclosure
• Fixes 26 Vulnerabilities: CVE-2022-41073, CVE-2022-41125, and CVE-2022-41128 are known exploited. See the Security Update Guide for the complete list of CVEs.
• Restart Required: Requires restart
• Known Issues: [Domain Join]
NOTE: Microsoft displays a dialog box to remind users about the EOS for Windows 8.1 in January 2023.
MS22-11-EXCH: Security Updates for Exchange Server
• Maximum Severity: Critical
• Affected Products: Microsoft Exchange Server 2013 CU23, Exchange Server 2016 CU22 & CU23, and Exchange Server 2019 CU11 & CU12.
• Description: This security update resolves elevation of privilege and spoofing vulnerabilities in Microsoft Exchange. This bulletin is based on KB 5019758.
• Impact: Elevation of Privilege and Spoofing
• Fixes 6 Vulnerabilities: CVE-2022-41040 and CVE-2022-41082 are known exploited. See the Security Update Guide for the complete list of CVEs.
• Restart Required: Requires restart
• Known Issues: None reported
MS22-11-OFF: Security Updates for Microsoft Office
• Maximum Severity: Important
• Affected Products: Excel 2013 & 2016, Office 2013 and 2016, Office 2019 for Mac, Office 2021 LTSC for Mac, Office Online Server, Office Web Apps, and Word 2013 & 2016
• Description: This security update resolves several issues in the Microsoft Office suite of products. Advisory 220003 states this update provides hardening around IRM-protected documents to ensure the trust-of-certificate chain. This bulletin references 8 KB articles and release notes.
• Impact: Remote Code Execution, Security Feature Bypass and Information Disclosure
• Fixes 7 Vulnerabilities: No vulnerabilities are publicly disclosed or known exploited. See the Security Update Guide for the complete list of CVEs.
• Restart Required: Requires application restart
• Known Issues: None reported
MS22-11-O365: Security Updates Microsoft 365 Apps, Office 2019 and Office LTSC 2021
• Maximum Severity: Important
• Affected Products: Microsoft 365 Apps, Office 2019 and Office LTSC 2021
• Description: This month’s update resolved various bugs and performance issues in Office applications. Information on the security updates is available at https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates.
• Impact: Remote Code Execution, Security Feature Bypass and Information Disclosure
• Fixes 8 Vulnerabilities: No vulnerabilities are publicly disclosed or known exploited.
• Restart Required: Requires application restart
• Known Issues: None reported
MS22-11-SPT: Security Updates for SharePoint Server
• Maximum Severity: Important
• Affected Products: Microsoft SharePoint Server Subscription Edition, Microsoft SharePoint Foundation Server 2013, SharePoint Enterprise Server 2013, SharePoint Enterprise Server 2016, and SharePoint Server 2019
• Description: This security update resolves a series of 5 Microsoft SharePoint Server vulnerabilities. There are multiple non-security issues resolved as well. Check KB for each version for details. This bulletin is based on 11 6 KB articles.
• Impact: Remote Code Execution, Spoofing and Information Disclosure
• Fixes 5 Vulnerabilities: No vulnerabilities are publicly disclosed or known exploited. CVE-2022-41060, CVE-2022-41061, CVE-2022-41062, CVE-2022-41103, and CVE-2022-41122 are fixed in this release.
• Restart Required: Requires restart
• Known Issues: See next slide
November Known Issues for SharePoint Server
• SharePoint Server – Check specific KBs for details on each CVE
    ◦ NOTE: Microsoft did not report at the time that CVE-2022-41122 was included in the September updates for some releases. Listing it in this update flagged the September KBs, which had several reported issues, so those issues show up in the Release Notes for this Patch Tuesday. There are no reported issues with the November KBs. The November KBs are listed below.
    ◦ SharePoint Server 2019 – KB 5002294
    ◦ SharePoint Server Subscription Edition – KB 5002296
    ◦ SharePoint Enterprise Server 2016 – KB 5002305
    ◦ SharePoint Foundation 2013 – KB 5002303
    ◦ SharePoint Enterprise Server 2013 – KB 5002302 (Cumulative Update)
    ◦ SharePoint Enterprise Server 2013 – KB 5002235
MS22-11-MRNET: Monthly Rollup for Microsoft .NET
• Maximum Severity: Important
• Affected Products: Microsoft Windows .NET Framework 4.6.2 through 4.8.1
• Description: This security update addresses a vulnerability which exists in System.Data.SqlClient and Microsoft.Data.SqlClient libraries where a timeout occurring under high load can cause incorrect data to be returned as the result of an asynchronously executed query or command. This bulletin references 17 KB articles.
• Impact: Information Disclosure
• Fixes 1 Vulnerability: CVE-2022-41064 is not publicly disclosed or known exploited.
• Restart Required: Does not require a system restart after you apply it unless files that are being updated are locked or are being used.
• Known Issues: None reported
MS22-11-SONET: Security-only Update for Microsoft .NET
• Maximum Severity: Important
• Affected Products: Microsoft Windows .NET Framework 4.6.2 through 4.8.1
• Description: This security update addresses a vulnerability which exists in System.Data.SqlClient and Microsoft.Data.SqlClient libraries where a timeout occurring under high load can cause incorrect data to be returned as the result of an asynchronously executed query or command. This bulletin references 17 KB articles.
• Impact: Information Disclosure
• Fixes 1 Vulnerability: CVE-2022-41064 is not publicly disclosed or known exploited.
• Restart Required: Does not require a system restart after you apply it unless files that are being updated are locked or are being used.
• Known Issues: None reported
Between Patch Tuesdays
Release Summary
• Security Updates (with CVEs): Azul Zulu (1), Google Chrome (2), Corretto (3), Firefox (1), Firefox ESR (1), Java 8 (1), Java Development Kit 11 (1), Java Development Kit 17 (1), Node.JS (LTS Lower) (1), Node.JS (Maintain) (1), Apache Tomcat (1), Wireshark (1), Zoom Rooms Client (1)
• Security (w/o CVEs): Audacity (2), CCleaner (1), Google Chrome (1), ClickShare App Machine-Wide Installer (1), Falcon Sensor for Windows (1), Citrix Workspace App (1), Dropbox (3), Evernote (2), Firefox (2), FileZilla Client (1), GoodSync (3), GIT for Windows (1), LibreOffice (1), LogMeIn (1), Node.JS (Current) (1), Notepad++ (1), Opera (2), Plex Media Server (1), Royal TS (2), Slack Machine-Wide Installer (2), Snagit (1), Tableau Desktop (6), Tableau Prep Builder (1), Tableau Reader (1), Thunderbird (2), TortoiseSVN (2), WinSCP (1), Zoom Client (1), Zoom VDI (1)
• Non-Security Updates: 8x8 Work Desktop (1), Apple Mobile Device Support (1), Beyond Compare (1), Box Drive (1), Boxcryptor (1), Google Drive File Stream (1), GeoGebra Classic (3), BlueJeans (1), KeePassXC (2), NextCloud Desktop Client (1), Password Safe (1), R for Windows (1), TreeSize Free (1), Cisco WebEx Teams (1), WinMerge (1)
Third Party CVE Information
• Google Chrome 107.0.5304.63
    ◦ CHROME-221025, QGC1070530463
    ◦ Fixes 10 Vulnerabilities: CVE-2022-3652, CVE-2022-3653, CVE-2022-3654, CVE-2022-3655, CVE-2022-3656, CVE-2022-3657, CVE-2022-3658, CVE-2022-3659, CVE-2022-3660, CVE-2022-3661
• Google Chrome 107.0.5304.88
    ◦ CHROME-221028, QGC1070530488
    ◦ Fixes 1 Vulnerability: CVE-2022-3723
• Firefox 106.0
    ◦ FF-221018, QFF1060
    ◦ Fixes 6 Vulnerabilities: CVE-2022-42927, CVE-2022-42928, CVE-2022-42929, CVE-2022-42930, CVE-2022-42931, CVE-2022-42932
Third Party CVE Information (cont)
• Firefox ESR 102.4.0
    ◦ FFE-221018, QFFE10240
    ◦ Fixes 4 Vulnerabilities: CVE-2022-42927, CVE-2022-42928, CVE-2022-42929, CVE-2022-42932
• Node.JS 16.18.1 (LTS Lower)
    ◦ NOJSLL-221104, QNODEJSLL16181
    ◦ Fixes 1 Vulnerability: CVE-2022-43548
• Node.JS 14.21.1 (Maintain)
    ◦ NOJSM-221104, QNODEJSM14211
    ◦ Fixes 1 Vulnerability: CVE-2022-43548
• Apache Tomcat 8.5.83.0
    ◦ TOMCAT85-221025, QTOMCAT85830
    ◦ Fixes 1 Vulnerability: CVE-2022-34305
Third Party CVE Information (cont)
• Java 8 Update 351
    ◦ JAVA8-221019, QJDK8U351
    ◦ Fixes 8 Vulnerabilities: CVE-2022-21619, CVE-2022-21624, CVE-2022-21626, CVE-2022-21628, CVE-2022-21619, CVE-2022-21624, CVE-2022-21626, CVE-2022-21628
• Java Development Kit 11 Update 11.0.17
    ◦ JDK11-221018, QJDK11017
    ◦ Fixes 5 Vulnerabilities: CVE-2022-21619, CVE-2022-21624, CVE-2022-21626, CVE-2022-21628, CVE-2022-39399
• Java Development Kit 17 Update 17.0.5
    ◦ JDK17-221018, QJDK1705
    ◦ Fixes 6 Vulnerabilities: CVE-2022-21618, CVE-2022-21619, CVE-2022-21624, CVE-2022-21626, CVE-2022-21628, CVE-2022-39399
Third Party CVE Information (cont)
• Corretto 17.0.5.8.1
    ◦ CRTO17-221018, QCRTOJDK1705
    ◦ Fixes 5 Vulnerabilities: CVE-2022-21618, CVE-2022-21619, CVE-2022-21624, CVE-2022-21628, CVE-2022-39399
• Corretto 11.0.17.8.1
    ◦ CRTO11-221018, QCRTOJDK11017
    ◦ Fixes 6 Vulnerabilities: CVE-2022-21618, CVE-2022-21619, CVE-2022-21624, CVE-2022-21626, CVE-2022-21628, CVE-2022-39399
• Corretto 8.352.08.1
    ◦ CRTO8-221018, QCRTOJDK8352
    ◦ Fixes 8 Vulnerabilities: CVE-2022-21619, CVE-2022-21624, CVE-2022-21626, CVE-2022-21628, CVE-2022-21619, CVE-2022-21624, CVE-2022-21626, CVE-2022-21628
Third Party CVE Information (cont)
• Azul Zulu 11.60.19 (11.0.17)
    ◦ ZULU11-221018, QZULUJDK116019
    ◦ Fixes 4 Vulnerabilities: CVE-2022-21618, CVE-2022-21619, CVE-2022-21624, CVE-2022-21626
• Wireshark 3.6.9
    ◦ WIRES36-221026, QWIRES369EXE
    ◦ Fixes 4 Vulnerabilities: CVE-2022-3724, CVE-2022-3725, CVE-2022-3724, CVE-2022-3725
• Zoom Rooms Client 5.12.2.1970
    ◦ ZOOMR-221017, QZOOMR51221970
    ◦ Fixes 1 Vulnerability: CVE-2022-28763
Q & A
Thank You!

More Related Content

2022 Novembre Patch Tuesday

  • 1. Webinar Patch Tuesday jeudi 10 novembre 2022 Présenté par Gency Myrtezai et Lauriane Mounier
  • 2. Agenda November 2022 Patch Tuesday Overview In the News Bulletins and Releases Between Patch Tuesdays Q & A
  • 4. Copyright © 2022 Ivanti. All rights reserved. November Patch Tuesday 2022 Microsoft resolved 81 CVEs in the November Patch Tuesday release including the pair of Exchange vulnerabilities referred to as ProxyNotShell (CVE-2022-41040 and CVE-2022-41082) and four zero-day vulnerabilities in the Windows OS (CVE-2022-41125, CVE-2022-41073, CVE-2022-41091, and CVE-2022-41128). Applying a risk-based prioritization approach to this month’s lineup, you will want to focus your attention on updating Exchange Server (on- premise) and the Windows OS as your top priorities.
  • 6. Copyright © 2022 Ivanti. All rights reserved. In the News  ProxyNotShell resolved  https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-proxynotshell- exchange-zero-days-exploited-in-attacks/  Google patches seventh zero-day exploit in Chrome this year  https://www.androidpolice.com/google-chrome-desktop-zero-day-exploit-oct-2022/  Microsoft warns of uptick in threat actor use of publicly-disclosed zero-day exploits  https://securityaffairs.co/wordpress/138100/security/treat-actors-zero-day.html  https://www.techtarget.com/searchsecurity/news/252527020/Microsoft-Nation-state- threats-zero-day-attacks-increasing  Patch your mobiles: Android and iOS Exploits  https://www.securityweek.com/google-reveals-spyware-vendors-use-samsung-phone-zero-day- exploits  https://www.bankinfosecurity.com/apple-issues-emergency-ios-fix-as-kernel-zero-day-exploited-a- 20322  https://www.darkreading.com/edge-articles/apple-s-constant-battles-against-zero-day-exploits
  • 7. Copyright © 2022 Ivanti. All rights reserved. Known Exploited Vulnerabilities  CVE-2022-41040 Microsoft Exchange Server Elevation of Privilege Vulnerability  CVSS 3.1 Scores: 8.8 / 7.9  Severity: Critical  Exchange Server 2013 CU 23, 2016 CU 22 & 23, 2019 CU 11 & 12  CVE-2022-41082 Microsoft Exchange Server Remote Code Execution Vulnerability  CVSS 3.1 Scores: 8.8 / 8.3  Severity: Important  Exchange Server 2013 CU 23, 2016 CU 22 & 23, 2019 CU 11 & 12  Both subject to the ProxyNotShell attack
  • 8. Copyright © 2022 Ivanti. All rights reserved. Known Exploited Vulnerabilities (cont)  CVE-2022-41073 Windows Print Spooler Elevation of Privilege Vulnerability  CVSS 3.1 Scores: 7.8 / 6.8  Severity: Important  Impacts all Windows workstation and server operating systems  CVE-2022-41125 Windows CNG Key Isolation Service Elevation of Privilege Vulnerability  CVSS 3.1 Scores: 7.8 / 6.8  Severity: Important  Impacts all Windows workstation and server operating systems from Windows 8.1+  An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
  • 9. Copyright © 2022 Ivanti. All rights reserved. Known Exploited Vulnerabilities (cont)  CVE-2022-41128 Windows Scripting Languages Remote Code Execution Vulnerability  CVSS 3.1 Scores: 8.8 / 8.2  Severity: Critical  Impacts all Windows workstation and server operating systems except Server 2008  This vulnerability requires that a user with an affected version of Windows access a malicious server. This vulnerability impacts the JScript9 scripting language.
  • 10. Copyright © 2022 Ivanti. All rights reserved. Known Exploited and Publicly Disclosed Vulnerability  CVE-2022-41091 Windows Mark of the Web Security Feature Bypass Vulnerability  CVSS 3.1 Scores: 5.4 / 4.7  Severity: Important  Impacts Windows 10 and 11 as well as Windows Server 2016, 2019, and 2022  An attacker can craft a malicious file that would evade Mark of the Web (MOTW) defenses, resulting in a limited loss of integrity and availability of security features such as Protected View in Microsoft Office, which rely on MOTW tagging.
  • 11. Copyright © 2022 Ivanti. All rights reserved. Publicly Disclosed Vulnerability  CVE-2022-37972 Microsoft Endpoint Configuration Manager Spoofing Vulnerability  CVSS 3.1 Scores: 9.8 / 8.8  Severity: Important  This impacts systems running Microsoft Endpoint Configuration Manager, versions 2103 – 2207.  Re-issue from original back in September 2022
  • 12. Copyright © 2022 Ivanti. All rights reserved. Microsoft Patch Tuesday Updates of Interest  Advisory 990001 Latest Servicing Stack Updates (SSU)  https://msrc.microsoft.com/update-guide/en-US/vulnerability/ADV990001  No stand-alone service stack updates this month  Azure and Development Tool Updates  Azure EFLOW  Azure CLI  Azure CycleCloud 7 & 8  Azure RTOS GUIX Studio  Visual Studio 2017 v15.9  Visual Studio 2019 (multiple)  Visual Studio 2022 (multiple)  Windows Subsystem for Linux (WSL2)
  • 13. Copyright © 2022 Ivanti. All rights reserved. Server 2012/2012 R2 EOL is Coming  Lifecycle Fact Sheet  https://docs.microsoft.com/en-us/lifecycle/products/windows-server-2012-r2 Source: Microsoft
  • 14. Windows 10 and 11 Lifecycle Awareness

      | Edition | Version | Release Date | End of Support Date |
      |---|---|---|---|
      | Windows 10 Enterprise and Education | 21H2 | 11/16/2021 | 6/11/2024 |
      | Windows 10 Enterprise and Education | 21H1 | 5/18/2021 | 12/13/2022 |
      | Windows 10 Enterprise and Education | 20H2 | 10/20/2020 | 5/9/2023 |
      | Windows 10 Home and Pro | 21H2 | 11/16/2021 | 6/13/2023 |
      | Windows 10 Home and Pro | 21H1 | 5/18/2021 | 12/13/2022 |
      | Windows Datacenter and Standard Server | 2019 | 11/13/2019 | 1/9/2024 |
      | Windows Datacenter and Standard Server | 2022 | 8/18/2021 | 10/13/2026 |
      | Windows 11 Home and Pro | 21H2 | 10/4/2021 | 10/10/2023 |
      | Windows 11 Home and Pro | 22H2 | 9/20/2022 | 10/8/2024 |

      - Lifecycle Fact Sheet
      - https://docs.microsoft.com/en-us/lifecycle/faq/windows
  • 15. Patch Content Announcements
      - Announcements Posted on Community Forum Pages
      - https://forums.ivanti.com/s/group/CollaborationGroup/00Ba0000009oKICEA2
      - Subscribe to receive email for the desired product(s)
  • 17. MS22-11-W11: Windows 11 Update
      - Maximum Severity: Critical
      - Affected Products: Microsoft Windows 11 Version 21H2, 22H2, and Edge Chromium
      - Description: This bulletin references KB 5019961 (21H2) and KB 5019980 (22H2).
      - Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Elevation of Privilege and Information Disclosure
      - Fixes 37 Vulnerabilities: CVE-2022-41073, CVE-2022-41125, and CVE-2022-41128 are known exploited. CVE-2022-41091 is publicly disclosed and known exploited. See the Security Update Guide for the complete list of CVEs.
      - Restart Required: Requires restart
      - Known Issues: See next slide
  • 18. November Known Issues for Windows 11
      - KB 5019980 – Windows 11 version 22H2
          - [Provision] Using provisioning packages on Windows 11, version 22H2 (also called Windows 11 2022 Update) might not work as expected. Windows might only be partially configured, and the Out Of Box Experience might not finish or might restart unexpectedly. Workaround: Provision before updating to 22H2. Microsoft is working on a resolution.
          - [Slow Copy] Copying large multiple gigabyte (GB) files might take longer than expected to finish on Windows 11, version 22H2. Workaround: Use file copy tools that do not use cache manager (buffered I/O). See KB for multiple mitigations. Microsoft is working on a resolution.
  • 19. MS22-11-W10: Windows 10 Update
      - Maximum Severity: Critical
      - Affected Products: Microsoft Windows 10 Versions 1607, 1809, 20H2, 21H1, 21H2, Server 2016, Server 2019, Server 2022, Server 2022 Datacenter: Azure Edition and Edge Chromium
      - Description: This bulletin references 6 KB articles. See KBs for the list of changes.
      - Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Spoofing, Elevation of Privilege and Information Disclosure
      - Fixes 40 Vulnerabilities: CVE-2022-41073, CVE-2022-41125, and CVE-2022-41128 are known exploited. CVE-2022-41091 is publicly disclosed and known exploited. See the Security Update Guide for the complete list of CVEs.
      - Restart Required: Requires restart
      - Known Issues: See next slide
  • 20. November Known Issues for Windows 10
      - KB 5019966 – Windows 10 Enterprise 2019 LTSC, Windows 10 IoT Enterprise 2019 LTSC, Windows 10 IoT Core 2019 LTSC, Windows Server 2019
          - [Cluster Update] After installing KB 5001342 or later, the Cluster Service might fail to start because a Cluster Network Driver is not found. Workaround: This issue occurs because of an update to the PnP class drivers used by this service. After about 20 minutes, you should be able to restart your device and not encounter this issue. For more information about the specific errors, cause, and workaround for this issue, please see KB 5003571.
  • 21. November Known Issues for Windows 10 (cont)
      - KB 5019959 – Windows 10 Enterprise and Education version 20H2, Windows 10 IoT Enterprise version 20H2, Windows 10 on Surface Hub, Windows 10 version 21H1, Windows 10 version 21H2, Windows 10 version 22H2
          - [Edge Removed] Devices with Windows installations created from custom offline media or custom ISO image might have Microsoft Edge Legacy removed by this update, but not automatically replaced by the new Microsoft Edge. Devices that connect directly to Windows Update to receive updates are not affected. Workaround: Slipstream the SSU released March 29, 2021 or later into the custom offline media or ISO image before slipstreaming the LCU. Or install Microsoft Edge if you have encountered affected media. See KB for details.
  • 22. MS22-11-IE: Security Updates for Internet Explorer
      - Maximum Severity: Critical
      - Affected Products: Internet Explorer 11
      - Description: The improvements that are included in this update are also included in the November 2022 Security Monthly Quality Rollup. Installing either this update or the Security Monthly Quality Rollup installs the same improvements. This bulletin references KB 5019958.
      - Impact: Remote Code Execution
      - Fixes 2 Vulnerabilities: CVE-2022-41128 is known exploited. See the Security Update Guide for the complete list of CVEs.
      - Restart Required: Requires browser restart
      - Known Issues: None reported
  • 23. MS22-11-MR2K8-ESU: Monthly Rollup for Windows Server 2008
      - Maximum Severity: Critical
      - Affected Products: Microsoft Windows Server 2008 and IE 9
      - Description: This cumulative security update contains improvements that are part of update KB 5017358 (released October 11, 2022). Addressed issues related to the Forest Trust creation process, as well as updates to the Kerberos and NetLogon protocols. Bulletin is based on KB 5020019.
      - Impact: Remote Code Execution, Denial of Service, Elevation of Privilege and Information Disclosure
      - Fixes 19 Vulnerabilities: CVE-2022-41073 is known exploited. See the Security Update Guide for the complete list of CVEs.
      - Restart Required: Requires restart
      - Known Issues: See next slide
  • 24. November Known Issues for Server 2008
      - KB 5020019 – Windows Server 2008 (Monthly Rollup)
          - [Domain Join] After this update or a later Windows update is installed, domain join operations might be unsuccessful and error "0xaac (2732): NERR_AccountReuseBlockedByPolicy" occurs. Additionally, text stating "An account with the same name exists in Active Directory. Re-using the account was blocked by security policy" might be displayed. Workaround: Microsoft has added guidance to KB 5020276 and is evaluating whether optimizations can be made in a future Windows Update.
      - KB 5020005 – Windows Server 2008 (Security-only Update)
          - [Domain Join]
  • 25. MS22-11-SO2K8-ESU: Security-only Update for Windows Server 2008
      - Maximum Severity: Critical
      - Affected Products: Microsoft Windows Server 2008
      - Description: Addressed issues related to the Forest Trust creation process, as well as updates to the Kerberos and NetLogon protocols. Bulletin is based on KB 5020005.
      - Impact: Remote Code Execution, Denial of Service, Elevation of Privilege and Information Disclosure
      - Fixes 19 Vulnerabilities: CVE-2022-41073 is known exploited. See the Security Update Guide for the complete list of CVEs.
      - Restart Required: Requires restart
      - Known Issues: See previous slide
  • 26. MS22-11-MR7-ESU: Monthly Rollup for Win 7 / MS22-11-MR2K8R2-ESU: Monthly Rollup for Server 2008 R2
      - Maximum Severity: Critical
      - Affected Products: Microsoft Windows 7, Server 2008 R2, and IE 11
      - Description: This cumulative security update contains improvements that are part of update KB 5017361 (released October 11, 2022). Addressed issues related to DCOM hardening authentication, an Azure AD application proxy connector, the Forest Trust creation process, as well as updates to the Kerberos and NetLogon protocols. Bulletin is based on KB 5020000.
      - Impact: Remote Code Execution, Denial of Service, Elevation of Privilege and Information Disclosure
      - Fixes 24 Vulnerabilities: CVE-2022-41073 and CVE-2022-41128 are known exploited. See the Security Update Guide for the complete list of CVEs.
      - Restart Required: Requires restart
      - Known Issues: [Domain Join]
  • 27. MS22-11-SO7-ESU: Security-only Update for Win 7 / MS22-11-SO2K8R2-ESU: Security-only Update for Server 2008 R2
      - Maximum Severity: Critical
      - Affected Products: Microsoft Windows 7 and Server 2008 R2
      - Description: Addressed issues related to DCOM hardening authentication, an Azure AD application proxy connector, the Forest Trust creation process, as well as updates to the Kerberos and NetLogon protocols. Bulletin is based on KB 5020013.
      - Impact: Remote Code Execution, Denial of Service, Elevation of Privilege and Information Disclosure
      - Fixes 24 Vulnerabilities: CVE-2022-41073 and CVE-2022-41128 are known exploited. See the Security Update Guide for the complete list of CVEs.
      - Restart Required: Requires restart
      - Known Issues: [Domain Join]
  • 28. MS22-11-MR8: Monthly Rollup for Server 2012
      - Maximum Severity: Critical
      - Affected Products: Microsoft Windows Server 2012 and IE
      - Description: This cumulative security update contains improvements that are part of update KB 5017370 (released October 11, 2022). Addressed issues related to the Forest Trust creation process, as well as updates to the Kerberos and NetLogon protocols. Bulletin is based on KB 5020009.
      - Impact: Remote Code Execution, Denial of Service, Elevation of Privilege and Information Disclosure
      - Fixes 23 Vulnerabilities: CVE-2022-41073, CVE-2022-41125, and CVE-2022-41128 are known exploited. See the Security Update Guide for the complete list of CVEs.
      - Restart Required: Requires restart
      - Known Issues: [Domain Join]
  • 29. MS22-11-SO8: Security-only Update for Windows Server 2012
      - Maximum Severity: Critical
      - Affected Products: Microsoft Windows Server 2012
      - Description: Addressed issues related to the Forest Trust creation process, as well as updates to the Kerberos and NetLogon protocols. Bulletin is based on KB 5020003.
      - Impact: Remote Code Execution, Denial of Service, Elevation of Privilege and Information Disclosure
      - Fixes 23 Vulnerabilities: CVE-2022-41073, CVE-2022-41125, and CVE-2022-41128 are known exploited. See the Security Update Guide for the complete list of CVEs.
      - Restart Required: Requires restart
      - Known Issues: [Domain Join]
  • 30. MS22-11-MR81: Monthly Rollup for Win 8.1 and Server 2012 R2
      - Maximum Severity: Critical
      - Affected Products: Microsoft Windows 8.1, Server 2012 R2, and IE
      - Description: This cumulative security update includes improvements that are part of update KB 5018474 (released October 11, 2022). Bulletin is based on KB 5020023.
      - Impact: Remote Code Execution, Denial of Service, Elevation of Privilege and Information Disclosure
      - Fixes 26 Vulnerabilities: CVE-2022-41073, CVE-2022-41125, and CVE-2022-41128 are known exploited. See the Security Update Guide for the complete list of CVEs.
      - Restart Required: Requires restart
      - Known Issues: [Domain Join]
      - NOTE: Microsoft displays a dialog box to remind users about the EOS for Windows 8.1 in January 2023.
  • 31. MS22-11-SO81: Security-only Update for Win 8.1 and Server 2012 R2
      - Maximum Severity: Critical
      - Affected Products: Microsoft Windows 8.1, Server 2012 R2
      - Description: Bulletin is based on KB 5020010.
      - Impact: Remote Code Execution, Denial of Service, Elevation of Privilege and Information Disclosure
      - Fixes 26 Vulnerabilities: CVE-2022-41073, CVE-2022-41125, and CVE-2022-41128 are known exploited. See the Security Update Guide for the complete list of CVEs.
      - Restart Required: Requires restart
      - Known Issues: [Domain Join]
      - NOTE: Microsoft displays a dialog box to remind users about the EOS for Windows 8.1 in January 2023.
  • 32. MS22-11-EXCH: Security Updates for Exchange Server
      - Maximum Severity: Critical
      - Affected Products: Microsoft Exchange Server 2013 CU23, Exchange Server 2016 CU22 & CU23, and Exchange Server 2019 CU11 & CU12.
      - Description: This security update resolves elevation of privilege and spoofing vulnerabilities in Microsoft Exchange. This bulletin is based on KB 5019758.
      - Impact: Elevation of Privilege and Spoofing
      - Fixes 6 Vulnerabilities: CVE-2022-41040 and CVE-2022-41082 are known exploited. See the Security Update Guide for the complete list of CVEs.
      - Restart Required: Requires restart
      - Known Issues: None reported
  • 33. MS22-11-OFF: Security Updates for Microsoft Office
      - Maximum Severity: Important
      - Affected Products: Excel 2013 & 2016, Office 2013 and 2016, Office 2019 for Mac, Office 2021 LTSC for Mac, Office Online Server, Office Web Apps, and Word 2013 & 2016
      - Description: This security update resolves several issues in the Microsoft Office suite of products. Advisory 220003 states this update provides hardening around IRM-protected documents to ensure the trust-of-certificate chain. This bulletin references 8 KB articles and release notes.
      - Impact: Remote Code Execution, Security Feature Bypass and Information Disclosure
      - Fixes 7 Vulnerabilities: No vulnerabilities are publicly disclosed or known exploited. See the Security Update Guide for the complete list of CVEs.
      - Restart Required: Requires application restart
      - Known Issues: None reported
  • 34. MS22-11-O365: Security Updates Microsoft 365 Apps, Office 2019 and Office LTSC 2021
      - Maximum Severity: Important
      - Affected Products: Microsoft 365 Apps, Office 2019 and Office LTSC 2021
      - Description: This month’s update resolved various bugs and performance issues in Office applications. Information on the security updates is available at https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates.
      - Impact: Remote Code Execution, Security Feature Bypass and Information Disclosure
      - Fixes 8 Vulnerabilities: No vulnerabilities are publicly disclosed or known exploited.
      - Restart Required: Requires application restart
      - Known Issues: None reported
  • 35. MS22-11-SPT: Security Updates for SharePoint Server
      - Maximum Severity: Important
      - Affected Products: Microsoft SharePoint Server Subscription Edition, Microsoft SharePoint Foundation Server 2013, SharePoint Enterprise Server 2013, SharePoint Enterprise Server 2016, and SharePoint Server 2019
      - Description: This security update resolves a series of 5 Microsoft SharePoint Server vulnerabilities. There are multiple non-security issues resolved as well. Check KB for each version for details. This bulletin is based on 11 6 KB articles.
      - Impact: Remote Code Execution, Spoofing and Information Disclosure
      - Fixes 5 Vulnerabilities: No vulnerabilities are publicly disclosed or known exploited. CVE-2022-41060, CVE-2022-41061, CVE-2022-41062, CVE-2022-41103, and CVE-2022-41122 are fixed in this release.
      - Restart Required: Requires restart
      - Known Issues: See next slide
  • 36. November Known Issues for SharePoint Server
      - SharePoint Server – Check specific KBs for details on each CVE
      - NOTE: Microsoft missed reporting that CVE-2022-41122 was included in the September updates for some releases. They listed it in this update which flagged the September KBs which had several reported issues and show up in the Release Notes for this Patch Tuesday. There are no reported issues with the November KBs. Here are the November KBs with links.
          - SharePoint Server 2019 – KB 5002294
          - SharePoint Server Subscription Edition – KB 5002296
          - SharePoint Enterprise Server 2016 – KB 5002305
          - SharePoint Foundation 2013 – KB 5002303
          - SharePoint Enterprise Server 2013 – KB 5002302 (Cumulative Update)
          - SharePoint Enterprise Server 2013 – KB 5002235
  • 37. MS22-11-MRNET: Monthly Rollup for Microsoft .NET
      - Maximum Severity: Important
      - Affected Products: Microsoft Windows .NET Framework 4.6.2 through 4.8.1
      - Description: This security update addresses a vulnerability which exists in System.Data.SqlClient and Microsoft.Data.SqlClient libraries where a timeout occurring under high load can cause incorrect data to be returned as the result of an asynchronously executed query or command. This bulletin references 17 KB articles.
      - Impact: Information Disclosure
      - Fixes 1 Vulnerability: CVE-2022-41064 is not publicly disclosed or known exploited.
      - Restart Required: Does not require a system restart after you apply it unless files that are being updated are locked or are being used.
      - Known Issues: None reported
  • 38. MS22-11-SONET: Security-only Update for Microsoft .NET
      - Maximum Severity: Important
      - Affected Products: Microsoft Windows .NET Framework 4.6.2 through 4.8.1
      - Description: This security update addresses a vulnerability which exists in System.Data.SqlClient and Microsoft.Data.SqlClient libraries where a timeout occurring under high load can cause incorrect data to be returned as the result of an asynchronously executed query or command. This bulletin references 17 KB articles.
      - Impact: Information Disclosure
      - Fixes 1 Vulnerability: CVE-2022-41064 is not publicly disclosed or known exploited.
      - Restart Required: Does not require a system restart after you apply it unless files that are being updated are locked or are being used.
      - Known Issues: None reported
  • 40. Release Summary
      - Security Updates (with CVEs): Azul Zulu (1), Google Chrome (2), Corretto (3), Firefox (1), Firefox ESR (1), Java 8 (1), Java Development Kit 11 (1), Java Development Kit 17 (1), Node.JS (LTS Lower) (1), Node.JS (Maintain) (1), Apache Tomcat (1), Wireshark (1), Zoom Rooms Client (1)
      - Security (w/o CVEs): Audacity (2), CCleaner (1), Google Chrome (1), ClickShare App Machine-Wide Installer (1), Falcon Sensor for Windows (1), Citrix Workspace App (1), Dropbox (3), Evernote (2), Firefox (2), FileZilla Client (1), GoodSync (3), GIT for Windows (1), LibreOffice (1), LogMeIn (1), Node.JS (Current) (1), Notepad++ (1), Opera (2), Plex Media Server (1), Royal TS (2), Slack Machine-Wide Installer (2), Snagit (1), Tableau Desktop (6), Tableau Prep Builder (1), Tableau Reader (1), Thunderbird (2), TortoiseSVN (2), WinSCP (1), Zoom Client (1), Zoom VDI (1)
      - Non-Security Updates: 8x8 Work Desktop (1), Apple Mobile Device Support (1), Beyond Compare (1), Box Drive (1), Boxcryptor (1), Google Drive File Stream (1), GeoGebra Classic (3), BlueJeans (1), KeePassXC (2), NextCloud Desktop Client (1), Password Safe (1), R for Windows (1), TreeSize Free (1), Cisco WebEx Teams (1), WinMerge (1)
  • 41. Third Party CVE Information
      - Google Chrome 107.0.5304.63
          - CHROME-221025, QGC1070530463
          - Fixes 10 Vulnerabilities: CVE-2022-3652, CVE-2022-3653, CVE-2022-3654, CVE-2022-3655, CVE-2022-3656, CVE-2022-3657, CVE-2022-3658, CVE-2022-3659, CVE-2022-3660, CVE-2022-3661
      - Google Chrome 107.0.5304.88
          - CHROME-221028, QGC1070530488
          - Fixes 1 Vulnerability: CVE-2022-3723
      - Firefox 106.0
          - FF-221018, QFF1060
          - Fixes 6 Vulnerabilities: CVE-2022-42927, CVE-2022-42928, CVE-2022-42929, CVE-2022-42930, CVE-2022-42931, CVE-2022-42932
  • 42. Third Party CVE Information (cont)
      - Firefox ESR 102.4.0
          - FFE-221018, QFFE10240
          - Fixes 4 Vulnerabilities: CVE-2022-42927, CVE-2022-42928, CVE-2022-42929, CVE-2022-42932
      - Node.JS 16.18.1 (LTS Lower)
          - NOJSLL-221104, QNODEJSLL16181
          - Fixes 1 Vulnerability: CVE-2022-43548
      - Node.JS 14.21.1 (Maintain)
          - NOJSM-221104, QNODEJSM14211
          - Fixes 1 Vulnerability: CVE-2022-43548
      - Apache Tomcat 8.5.83.0
          - TOMCAT85-221025, QTOMCAT85830
          - Fixes 1 Vulnerability: CVE-2022-34305
  • 43. Third Party CVE Information (cont)
      - Java 8 Update 351
          - JAVA8-221019, QJDK8U351
          - Fixes 8 Vulnerabilities: CVE-2022-21619, CVE-2022-21624, CVE-2022-21626, CVE-2022-21628, CVE-2022-21619, CVE-2022-21624, CVE-2022-21626, CVE-2022-21628
      - Java Development Kit 11 Update 11.0.17
          - JDK11-221018, QJDK11017
          - Fixes 5 Vulnerabilities: CVE-2022-21619, CVE-2022-21624, CVE-2022-21626, CVE-2022-21628, CVE-2022-39399
      - Java Development Kit 17 Update 17.0.5
          - JDK17-221018, QJDK1705
          - Fixes 6 Vulnerabilities: CVE-2022-21618, CVE-2022-21619, CVE-2022-21624, CVE-2022-21626, CVE-2022-21628, CVE-2022-39399
  • 44. Third Party CVE Information (cont)
      - Corretto 17.0.5.8.1
          - CRTO17-221018, QCRTOJDK1705
          - Fixes 5 Vulnerabilities: CVE-2022-21618, CVE-2022-21619, CVE-2022-21624, CVE-2022-21628, CVE-2022-39399
      - Corretto 11.0.17.8.1
          - CRTO11-221018, QCRTOJDK11017
          - Fixes 6 Vulnerabilities: CVE-2022-21618, CVE-2022-21619, CVE-2022-21624, CVE-2022-21626, CVE-2022-21628, CVE-2022-39399
      - Corretto 8.352.08.1
          - CRTO8-221018, QCRTOJDK8352
          - Fixes 8 Vulnerabilities: CVE-2022-21619, CVE-2022-21624, CVE-2022-21626, CVE-2022-21628, CVE-2022-21619, CVE-2022-21624, CVE-2022-21626, CVE-2022-21628
  • 45. Third Party CVE Information (cont)
      - Azul Zulu 11.60.19 (11.0.17)
          - ZULU11-221018, QZULUJDK116019
          - Fixes 4 Vulnerabilities: CVE-2022-21618, CVE-2022-21619, CVE-2022-21624, CVE-2022-21626
      - Wireshark 3.6.9
          - WIRES36-221026, QWIRES369EXE
          - Fixes 4 Vulnerabilities: CVE-2022-3724, CVE-2022-3725, CVE-2022-3724, CVE-2022-3725
      - Zoom Rooms Client 5.12.2.1970
          - ZOOMR-221017, QZOOMR51221970
          - Fixes 1 Vulnerability: CVE-2022-28763
  • 46. Q & A
  • 47. Thank You!