November 2022 : Microsoft Patch Tuesday Review

Today (08/11/2022) is the second Tuesday of this month and as part of the Microsoft patch Tuesday, November 2022 the company has released a bunch of cumulative updates to resolve vulnerabilities in its operating systems and other products, like the Microsoft Office productivity suite, while also addressing a series of other bugs related to performance and usability. Let’s look at the highlights from this month’s Windows security Patch Tuesday:

Today’s patch comes with fixes for six publicly exploited zero-day vulnerabilities and a total of 68 flaws. Where Eleven flaws are classified as ‘Critical’ as they allow privilege elevation, spoofing, or remote code execution and 57 are rated as important.

As per the release notes, the November 2022 patch fixed 27 Elevation of Privilege security issues, 4 security Feature Bypass Vulnerabilities, 16 Remote Code Execution bugs, 11 Information Disclosure vulnerabilities, 6  Denial of Service Vulnerabilities and 3 Spoofing Vulnerabilities.

Note – The above counts do not include two OpenSSL vulnerabilities fixed on 2nd November 2022.

Let’s take a closer look at some of the more interesting updates for this month,

CVE-2022-41128 – Windows Scripting Languages Remote Code Execution Vulnerability discovered by Clément Lecigne of Google’s Threat Analysis Group

“This vulnerability requires that a user with an affected version of Windows access a malicious server. An attacker would have to host a specially crafted server share or website. An attacker would have no way to force users to visit this specially crafted server share or website, but would have to convince them to visit the server share or website, typically by way of an enticement in an email or chat message.”

CVE-2022-41091 – Windows Mark of the Web Security Feature Bypass Vulnerability discovered by Will Dormann.

“An attacker can craft a malicious file that would evade Mark of the Web (MOTW) defenses, resulting in a limited loss of integrity and availability of security features such as Protected View in Microsoft Office, which rely on MOTW tagging.”

CVE-2022-41073 – Windows Print Spooler Elevation of Privilege Vulnerability discovered by Microsoft Threat Intelligence Center (MSTIC).

“An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.”

CVE-2022-41125 – Windows CNG Key Isolation Service Elevation of Privilege Vulnerability discovered by Microsoft Threat Intelligence Center (MSTIC) and Microsoft Security Response Center (MSRC).

“An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.”

CVE-2022-41040 – Microsoft Exchange Server Elevation of Privilege Vulnerability discovered by GTSC and disclosed through Zero Dat initiative.

“The privileges acquired by the attacker would be the ability to run PowerShell in the context of the system.”

CVE-2022-41082 – Microsoft Exchange Server Remote Code Execution Vulnerability discovered by GTSC and disclosed through Zero Dat initiative.

“The attacker for this vulnerability could target the server accounts in an arbitrary or remote code execution. As an authenticated user, the attacker could attempt to trigger malicious code in the context of the server’s account through a network call.”

The following client versions of Windows have known issues: Windows 7, Windows 8.1, Windows 10, Windows 11

• Windows 7 (extended support only): 21 vulnerabilities: 7 critical and 17 important
  • Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability — CVE-2022-41039
  • Windows Scripting Languages Remote Code Execution Vulnerability — CVE-2022-41128
  • Windows Scripting Languages Remote Code Execution Vulnerability — CVE-2022-41118
  • Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability — CVE-2022-41044
• Windows 8.1: 23 vulnerabilities: 4 critical and 19 important
  • Windows Scripting Languages Remote Code Execution Vulnerability — CVE-2022-41128
  • Windows Scripting Languages Remote Code Execution Vulnerability — CVE-2022-41118
  • Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability — CVE-2022-41088
  • Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability — CVE-2022-41039
• Windows 10: 37 vulnerabilities, 5 critical and 32 important
  • Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability — CVE-2022-41039
  • Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability — CVE-2022-41088
  • Windows Hyper-V Denial of Service Vulnerability —  CVE-2022-38015
  • Windows Scripting Languages Remote Code Execution Vulnerability — CVE-2022-41128
  • Windows Scripting Languages Remote Code Execution Vulnerability — CVE-2022-41118
• Windows 11: 35 vulnerabilities, 5 critical and 30 important
  • same as windows 10

Recent updates from other companies

Other vendors who released updates in November 2022 include:

• Apple released Xcode 14.1 with numerous security updates.
• Cisco released security updates for numerous products this month.
• Citrix released security updates for a ‘Critical’ authentication bypass in Citrix ADA and Gateway.
• Google released Android’s November security updates.
• Intel released the November 2022 security updates.
• OpenSSL released security updates for CVE-2022-3602 and CVE-2022-3786.
• SAP has released its November 2022 Patch Day updates.

Windows security updates November 2022

The 08 November 2022 (Patch Tuesday) windows security updates are the following:

• KB5019980 (OS Build 22621.819) for the latest windows 11 version 21H2
• KB5019961 (OS Build 22000.1219) for the latest windows 11 version 21H2
• KB5019959 (OS Builds 19045.2251) for the latest windows 10 version 21H2
• KB5019966 (OS Build 17763.3650) for the latest Windows 10 version 1809
• Windows 10 Anniversary Update (version 1607): KB5019964 (OS Build 14393.5501)
• Windows 7 and server 2008 R2 Monthly Rollup: KB5020000 and Security-Only: KB5020013
• Windows 8.1 and server 2012 R2 Monthly Rollup: KB5020023 and Security-only: KB5020010

All these updates only include minor patches and security fixes, rather than any new features.

Note: Windows 11 was released with a number of new features and improvements as a free upgrade for eligible Windows 10 devices. Here is how to upgrade to windows 11 for free.

Windows 7

Both monthly and security-only updates

• Updates the daylight-saving time (DST) for Jordan to prevent moving the clock back 1 hour on October 28, 2022. Additionally, changes the display name of Jordan standard time from “(UTC+02:00) Amman” to “(UTC+03:00) Amman”.
• Addresses an issue where, after installing the January 11, 2022 or later update, the Forest Trust creation process fails to populate the DNS name suffixes into the trust information attributes.
• Addresses security vulnerabilities in the Kerberos and Netlogon protocols as outlined in CVE-2022-38023, CVE-2022-37966, and CVE-2022-37967. For deployment guidance, see the following articles:
  • KB5020805: How to manage the Kerberos protocol changes related to CVE-2022-37967
  • KB5021130: How to manage the Netlogon protocol changes related to CVE-2022-38023
  • KB5021131: How to manage the Kerberos protocol changes related to CVE-2022-37966

In addition Monthly Rollup: KB5020000

• Addresses an issue where Microsoft Azure Active Directory (AAD) Application Proxy Connector cannot retrieve a Kerberos ticket on behalf of the user because of the following general API error: “The handle specified is invalid (0x80090301).”
• Addresses a Distributed Component Object Model (DCOM) authentication hardening issue to automatically raise the authentication level for all non-anonymous activation requests from DCOM clients. This will occur if the authentication level is less than RPC_C_AUTHN_LEVEL_PKT_INTEGRITY

Windows 8.1

Both monthly and security-only updates, bring the same changelog as windows 7.

In addition Monthly Rollup: KB5020023

Addresses an issue where the Microsoft Visual C++ Redistributable Runtime does not load into the Local Security Authority Server Service (LSASS) when Protected Process Light (PPL) is enabled.

Windows 10

• Includes unspecified “miscellaneous security improvements to internal OS functionality”.
• Plus, everything is listed here as part of the preview update.

Windows 11

• Enhances search visual treatments on the taskbar to improve discoverability.
• Improves the backup experience when using your Microsoft Account (MSA)
• Adds improvements to the Microsoft Account experience in Settings
• With this update installed now when you right-click on the taskbar you will get the option to open taskmanager (this option was removed on the windows 11 initial release)
• There is a bug fix for an issue that affects Microsoft Edge when it is in IE Mode. The titles of pop-up windows and tabs are wrong
• The latest windows 11 update, addresses an issue in that stops the credential UI from displaying in IE mode when you use Microsoft Edge.
• Addresses an issue that might fail to sync the audio when you record gameplay using the Xbox Game Bar.
• An issue with the windows 11 start menu that stops working when you use keyboard commands to move pinned items to a folder at the end of a list is now fixed.
• It addresses an issue that affects Distributed Component Object Model (DCOM) authentication hardening.
• Fix an issue that affects the Windows Search service and cause Indexing progress very slow when you use the service
• It addresses an issue that might affect some types of Secure Sockets Layer (SSL) and Transport Layer Security (TLS) connections.
• Addresses an issue that affects the CopyFile function. It returns ERROR_INVALID_HANDLE instead of ERROR_FILE_NOT_FOUND when it is called with an invalid source file.

Microsoft Security update download

All these Windows 10 November 2022 Patch Tuesday updates are automatically downloaded and installed via windows update. Or you force Windows update from settings, update & security check for updates to install the latest patch updates immediately.

Windows 11 KB5019980 (Version 22H2) offline installer Direct Download Link 64-bit.

Windows 11 KB5019961 (Version 21H2) offline installer Direct Download Link 64-bit.

Windows 10 KB5019959 (For versions 21H2 and 21H1) Direct Download Links: 64-bit and 32-bit (x86).

Windows 10 KB5019966 (for version 1809) Offline Download links

• KB5019966 64-bit | Download
• KB5019966 32-bit | Download

If you are Looking for Windows 10 version 22H2 ISO image click here.

Or Check How to Upgrade to Windows 10 version 22H2 Using the media creation tool

If you face any difficulty while installing these updates, Check Windows 10 Update troubleshooting guide to fix the windows 10 Cumulative update KB5019959 stuck downloading, failed to install with different errors, etc.

Note: New Windows Security Updates are available for Windows 7 and 8.1 as well, read the changelog here.

FAQ on Patch Tuesday update

What is Patch Tuesday?
Patch Tuesday is the colloquial term for Microsoft’s Update Tuesday which falls on the second Tuesday of every month.

When is Patch Tuesday?
Patch Tuesday falls on the second Tuesday of each month. The upcoming Patch Tuesday is on December 13, 2022.

What is patching and why is it important?
Patches are nothing but pieces of software code that are written to fix a bug in a software application, that might lead to a vulnerability.

What kind of patch updates are released during Patch Tuesday?
Predominantly security patch updates of varying severity like Critical, Important, Moderate & Low are labeled and released.

What are CVE IDs?
CVE ID – Common Vulnerabilities and Exposure ID is a format in which each vulnerability is disclosed and cataloged in the National Vulnerability Database (NVD).

Also Read

• Complete Review of Microsoft Windows 10 Operating system
• Solved: Microsoft edge not working after the windows 10 update
• can’t connect securely to this page ie11 or edge windows 10
• Windows 10 Stuck Preparing Automatic Repair? Here is how to fix
• Everything About IP (Internet Protocol) Address – Purpose to Benefits explained