Microsoft Security Bulletin Coverage for November 2022

SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of November 2022. A list of issues reported, along with SonicWall coverage information, is as follows:

CVE-2022-41057 Windows HTTP.sys Elevation of Privilege Vulnerability
ASPY 380: Malformed-File exe.MP_281

CVE-2022-41096 Microsoft DWM Core Library Elevation of Privilege Vulnerability
ASPY 381: Malformed-File exe.MP_282

CVE-2022-41109 Windows Win32k Elevation of Privilege Vulnerability
ASPY 382: Malformed-File exe.MP_287

CVE-2022-41113 Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability
ASPY 383: Malformed-File exe.MP_288

CVE-2022-41118 Windows Scripting Languages Remote Code Execution Vulnerability
IPS 15529: Windows Scripting Languages Remote Code Execution (CVE-2022-41118)

CVE-2022-41125 Windows CNG Key Isolation Service Elevation of Privilege Vulnerability
ASPY 384: Malformed-File exe.MP_289

The following vulnerabilities do not have exploits in the wild:
CVE-2022-37966 Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-37967 Windows Kerberos Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-37992 Windows Group Policy Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-38014 Windows Subsystem for Linux (WSL2) Kernel Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-38015 Windows Hyper-V Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2022-38023 Netlogon RPC Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-41039 Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2022-41044 Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2022-41045 Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-41047 Microsoft ODBC Driver Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2022-41048 Microsoft ODBC Driver Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2022-41049 Windows Mark of the Web Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2022-41050 Windows Extensible File Allocation Table Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-41051 Azure RTOS GUIX Studio Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2022-41052 Windows Graphics Component Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2022-41053 Windows Kerberos Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2022-41054 Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-41055 Windows Human Interface Device Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2022-41056 Network Policy Server (NPS) RADIUS Protocol Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2022-41058 Windows Network Address Translation (NAT) Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2022-41060 Microsoft Word Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2022-41061 Microsoft Word Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2022-41062 Microsoft SharePoint Server Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2022-41063 Microsoft Excel Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2022-41064 .NET Framework Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2022-41066 Microsoft Business Central Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2022-41073 Windows Print Spooler Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-41078 Microsoft Exchange Server Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2022-41079 Microsoft Exchange Server Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2022-41080 Microsoft Exchange Server Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-41085 Azure CycleCloud Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-41086 Windows Group Policy Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-41088 Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2022-41090 Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2022-41091 Windows Mark of the Web Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2022-41092 Windows Win32k Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-41093 Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-41095 Windows Digital Media Receiver Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-41097 Network Policy Server (NPS) RADIUS Protocol Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2022-41098 Windows GDI+ Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2022-41099 BitLocker Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2022-41100 Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-41101 Windows Overlay Filter Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-41102 Windows Overlay Filter Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-41103 Microsoft Word Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2022-41104 Microsoft Excel Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2022-41105 Microsoft Excel Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2022-41106 Microsoft Excel Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2022-41107 Microsoft Office Graphics Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2022-41114 Windows Bind Filter Driver Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-41116 Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2022-41119 Visual Studio Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2022-41120 Microsoft Windows Sysmon Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-41122 Microsoft SharePoint Server Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2022-41123 Microsoft Exchange Server Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-41128 Windows Scripting Languages Remote Code Execution Vulnerability
There are no known exploits in the wild.

Security News
The SonicWall Capture Labs Threat Research Team gathers, analyzes and vets cross-vector threat information from the SonicWall Capture Threat network, consisting of global devices and resources, including more than 1 million security sensors in nearly 200 countries and territories. The research team identifies, analyzes, and mitigates critical vulnerabilities and malware daily through in-depth research, which drives protection for all SonicWall customers. In addition to safeguarding networks globally, the research team supports the larger threat intelligence community by releasing weekly deep technical analyses of the most critical threats to small businesses, providing critical knowledge that defenders need to protect their networks.