#Exchange sorty update#
(Microsoft released patches for CVE-2022-41040 and CVE-2022-41082 under separate cover, pointing users directly to the Microsoft Update catalog and describing guidance for customers who had already followed previous mitigation advice. However, CVE-2022-41080 (Microsoft Exchange Server Elevation of Privilege Vulnerability), a Critical Elevation of Privilege bug, has been patched Microsoft assesses that exploitation is more likely in the latest software release. It’s worth noting that CVE-2022-41040 and CVE-2022-41082 ( two flaws in Exchange, collectively known as ProxyNotShell) are not among the issues listed in this month’s release. According to Microsoft, everything else is undisclosed and unexploited. Three others (CVE-2022-41073, a Print Spooler Elevation of Privilege vulnerability CVE-2022-41125, a CNG Key Isolation Elevation of Privilege vulnerability and CVE-2022-41128, a Windows Scripting Languages Remote Code Execution Vulnerability) have been exploited.
One vulnerability (CVE-2022-41091, a Mark of the Web bypass bug) has been publicly disclosed and exploited in the wild. SharePoint and the Open Database Connectivity (ODBC) driver also come in at two apiece, while there’s one patch each for Visual Studio. As in previous months, the majority of CVEs affect Windows, with a total of 41 CVEs, followed by eight in Office and four in Exchange.Īs with October’s release, Azure admins get a welcome breather, with only two patches – one a Remote Code Execution bug, the other an Elevation of Privilege vulnerability, both rated Important. This includes nine Critical-class issues affecting Exchange and Windows.
Microsoft on Tuesday released patches for 62 vulnerabilities in nine Microsoft product families.
0 kommentar(er)
