VERT Threat Alert: October 2022 Patch Tuesday Analysis
Today’s VERT Alert addresses Microsoft’s October 2022 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1025 on Wednesday, October 12th.
In-The-Wild & Disclosed CVEs
A vulnerability in the Windows COM+ Event System service could allow malicious individuals to obtain SYSTEM level access on all supported versions of Windows. The system is responsible for providing automatic distribution of events to subscribing COM components. According to Microsoft, this vulnerability is currently seeing active exploitation.
A vulnerability in Microsoft Office for Mac could allow for the disclosure of user tokens and other sensitive information. According to Microsoft, this vulnerability has been publicly disclosed, but is not currently seeing active exploitation.
CVE Breakdown by Tag
While historical Microsoft Security Bulletin groupings are gone, Microsoft vulnerabilities are tagged with an identifier. This list provides a breakdown of the CVEs on a per tag basis. Vulnerabilities are also color coded to aid with identifying key issues.
- Traditional Software
- Mobile Software
- Cloud or Cloud Adjacent
- Vulnerabilities that are being exploited or that have been disclosed
| Tag | CVE Count | CVEs |
| Windows Workstation Service | 1 | CVE-2022-38034 |
| Microsoft Office Word | 2 | CVE-2022-38049, CVE-2022-41031 |
| Windows USB Serial Driver | 1 | CVE-2022-38030 |
| Windows Portable Device Enumerator Service | 1 | CVE-2022-38032 |
| Windows Group Policy | 1 | CVE-2022-37975 |
| Windows Local Session Manager (LSM) | 2 | CVE-2022-37998, CVE-2022-37973 |
| Windows Distributed File System (DFS) | 1 | CVE-2022-38025 |
| Windows Internet Key Exchange (IKE) Protocol | 1 | CVE-2022-38036 |
| Active Directory Domain Services | 1 | CVE-2022-38042 |
| Microsoft Office SharePoint | 4 | CVE-2022-41036, CVE-2022-41037, CVE-2022-38053, CVE-2022-41038 |
| Remote Access Service Point-to-Point Tunneling Protocol | 1 | CVE-2022-37965 |
| Windows Web Account Manager | 1 | CVE-2022-38046 |
| Visual Studio Code | 3 | CVE-2022-41034, CVE-2022-41083, CVE-2022-41042 |
| Windows Perception Simulation Service | 1 | CVE-2022-37974 |
| Windows Secure Channel | 1 | CVE-2022-38041 |
| Windows Connected User Experiences and Telemetry | 1 | CVE-2022-38021 |
| Windows Security Support Provider Interface | 1 | CVE-2022-38043 |
| Microsoft Graphics Component | 5 | CVE-2022-33635, CVE-2022-37986, CVE-2022-38051, CVE-2022-37985, CVE-2022-37997 |
| Windows Kernel | 8 | CVE-2022-38022, CVE-2022-37988, CVE-2022-38037, CVE-2022-38038, CVE-2022-37990, CVE-2022-38039, CVE-2022-37991, CVE-2022-37995 |
| Windows DWM Core Library | 2 | CVE-2022-37970, CVE-2022-37983 |
| Windows Local Security Authority Subsystem Service (LSASS) | 1 | CVE-2022-37977 |
| Windows Point-to-Point Tunneling Protocol | 7 | CVE-2022-30198, CVE-2022-22035, CVE-2022-24504, CVE-2022-33634, CVE-2022-38047, CVE-2022-38000, CVE-2022-41081 |
| Microsoft Office | 3 | CVE-2022-38048, CVE-2022-38001, CVE-2022-41043 |
| Windows ODBC Driver | 1 | CVE-2022-38040 |
| NuGet Client | 1 | CVE-2022-41032 |
| Client Server Run-time Subsystem (CSRSS) | 2 | CVE-2022-37987, CVE-2022-37989 |
| Windows Defender | 1 | CVE-2022-37971 |
| Windows NTLM | 1 | CVE-2022-35770 |
| Windows CryptoAPI | 1 | CVE-2022-34689 |
| Windows Local Security Authority (LSA) | 1 | CVE-2022-38016 |
| Windows Group Policy Preference Client | 3 | CVE-2022-37999, CVE-2022-37993, CVE-2022-37994 |
| Windows Event Logging Service | 1 | CVE-2022-37981 |
| Microsoft WDAC OLE DB provider for SQL | 2 | CVE-2022-37982, CVE-2022-38031 |
| Windows Active Directory Certificate Services | 2 | CVE-2022-37976, CVE-2022-37978 |
| Service Fabric | 1 | CVE-2022-35829 |
| Windows Win32K | 1 | CVE-2022-38050 |
| Azure | 1 | CVE-2022-38017 |
| Windows TCP/IP | 1 | CVE-2022-33645 |
| Windows Resilient File System (ReFS) | 1 | CVE-2022-38003 |
| Windows Server Remotely Accessible Registry Keys | 1 | CVE-2022-38033 |
| Windows COM+ Event System Service | 1 | CVE-2022-41033 |
| Windows Server Service | 1 | CVE-2022-38045 |
| Windows Print Spooler Components | 1 | CVE-2022-38028 |
| Role: Windows Hyper-V | 1 | CVE-2022-37979 |
| Windows Storage | 1 | CVE-2022-38027 |
| Windows WLAN Service | 1 | CVE-2022-37984 |
| Microsoft Edge (Chromium-based) | 12 | CVE-2022-3304, CVE-2022-3307, CVE-2022-3308, CVE-2022-3310, CVE-2022-3311, CVE-2022-3313, CVE-2022-3315, CVE-2022-3316, CVE-2022-3317, CVE-2022-3370, CVE-2022-3373, CVE-2022-41035 |
| Azure Arc | 1 | CVE-2022-37968 |
| Windows ALPC | 1 | CVE-2022-38029 |
| Windows DHCP Client | 2 | CVE-2022-38026, CVE-2022-37980 |
| Windows CD-ROM Driver | 1 | CVE-2022-38044 |
| Windows NTFS | 1 | CVE-2022-37996 |
Other Information
At the time of publication, there were no new advisories included with the October Security Guidance.
The post ” VERT Threat Alert: October 2022 Patch Tuesday Analysis” appeared first on TripWire
Source:TripWire – Tyler Reguly