Microsoft has patched two zero-day vulnerabilities this week – CVE-2022-41033 and CVE-2022-41043. CVE-2022-41033 is a Windows COM+ Event System Service Elevation of Privilege Vulnerability, while CVE-2022-41043 is a Microsoft Office Information Disclosure Vulnerability.
Discovered by an anonymous researcher, CVE-2022-41033 is an actively exploited vulnerability that has been given a CVSS rating of 7.8. Although the bug has a low attack complexity, it could allow an attacker to gain SYSTEM-level privileges if exploited. This kind of vulnerability is often associated with some form of social engineering, including tricking a target into opening a malicious document or browsing a malicious website.
CVE-2022-41043 is another low-complexity bug and was discovered by SpecterOps researcher, Cody Thomas. The vulnerability has not been exploited in the wild but if organizations don’t patch, it could allow an attacker to gain access to a target’s authentication tokens and other sensitive information.
These two zero-day vulnerabilities come on the heels of two previous Microsoft zero-days discussed last week. CVE-2022-41082 and CVE-2022-41040, now dubbed ProxyNotShell, are bugs that can be chained together and used to breach corporate networks. ProxyNotShell does not have a patch yet but Avertium recommends that you follow the workaround mentioned in our Flash Notice.
Expanding endpoints, cloud computing environments, and accelerated digital transformation have decimated the perimeter in an ever-expanding attack surface. Avertium offers Attack Surface Management, so you’ll have no more blind spots, weak links, or fire drills.
Avertium recommends utilizing our service for DFIR (Digital Forensics and Incident Response) to help you rapidly assess, contain, eradicate, and recover from a security incident like a malware attack.
Fusion MXDR is the first MDR offering that fuses together all aspects of security operations into a living, breathing, threat-resistant XDR solution. By fusing insights from threat intelligence, security assessments, and vulnerability management into our MDR approach, Fusion MXDR offers a more informed, robust, and cost-effective approach to cybersecurity – one that is greater than the sum of its parts.
Please follow Microsoft’s guidance for patching CVE-2022-41033.
Please follow Microsoft’s guidance for patching CVE-2022-41043.
At this time, there are no known IoCs associated with CVE-2022-41033 and CVE-2022-41043. Avertium’s threat hunters remain vigilant in locating IoCs for our customers. Should any be located, Avertium will disclose them as soon as possible. For more information on how Avertium can help protect your organization, please reach out to your Avertium Service Delivery Manager or Account Executive.
Microsoft October 2022 Patch Tuesday fixes zero-day used in attacks, 84 flaws (bleepingcomputer.com)
Still no fix for ProxyNotShell Microsoft Exchange bugs • The Register
Flash Notice: UPDATE - Microsoft Exchange Double Zero-Day Vulnerabilities (avertium.com)
This document and its contents do not constitute, and are not a substitute for, legal advice. The outcome of a Security Risk Assessment should be utilized to ensure that diligent measures are taken to lower the risk of potential weaknesses be exploited to compromise data.
Although the Services and this report may provide data that Client can use in its compliance efforts, Client (not Avertium) is ultimately responsible for assessing and meeting Client's own compliance responsibilities. This report does not constitute a guarantee or assurance of Client's compliance with any law, regulation or standard.
COPYRIGHT: Copyright © Avertium, LLC and/or Avertium Tennessee, Inc. | All rights reserved.
Learn what threat hunting is, what it has gained so much popularity,
how your business can benefit from its true value, and more.