Tripwire's November 2022 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft.
First on the patch priority list this month are patches for Microsoft Office, Word, and Excel that resolve 8 vulnerabilities, including remote code execution, information disclosure, and security feature bypass vulnerabilities.
Up next are patches that affect components of the core Windows operating system. These patches resolve over 40 vulnerabilities, including elevation of privilege, information disclosure, security feature bypass, remote code execution, and denial of service vulnerabilities. These vulnerabilities affect core Windows, Kernel, ALPC, Fax Service, Point-to-Point Tunneling Protocol, ODBC Driver, Graphics, AMD interactions issues, GDI+, and others.
Next are patches for Visual Studio and .NET that resolve 3 vulnerabilities including remote code execution and information disclosure.
Lastly, administrators should focus on server-side patches for SharePoint, Hyper-V, Network Policy Server, Exchange, and Dynamics. These patches resolve elevation of privilege, denial of service, spoofing, and remote code execution vulnerabilities.
|
BULLETIN |
CVE |
|
Microsoft Office Word |
CVE-2022-41060, CVE-2022-41103, CVE-2022-41061 |
|
Microsoft Office |
CVE-2022-41105, CVE-2022-41107 |
|
Microsoft Office Excel |
CVE-2022-41063, CVE-2022-41106, CVE-2022-41104 |
|
Windows |
CVE-2022-38023, CVE-2022-41054, CVE-2022-38014, CVE-2022-41053, CVE-2022-37967, CVE-2022-37966, CVE-2022-41049, CVE-2022-41091, CVE-2022-41055, CVE-2022-41052, CVE-2022-41113, CVE-2022-23824, CVE-2022-41116, CVE-2022-41090, CVE-2022-41044, CVE-2022-41088, CVE-2022-41039, CVE-2022-41048, CVE-2022-41047, CVE-2022-41096, CVE-2022-41057, CVE-2022-41114, CVE-2022-41058, CVE-2022-41128, CVE-2022-41118, CVE-2022-41086, CVE-2022-37992, CVE-2022-41101, CVE-2022-41102, CVE-2022-41125, CVE-2022-41098, CVE-2022-41109, CVE-2022-41092, CVE-2022-41093, CVE-2022-41050, CVE-2022-41073, CVE-2022-41099, CVE-2022-41100, CVE-2022-41045, CVE-2022-41120, CVE-2022-41095 |
|
.NET Framework |
CVE-2022-41064 |
|
Visual Studio |
CVE-2022-39253, CVE-2022-41119 |
|
Network Policy Server (NPS) |
CVE-2022-41056, CVE-2022-41097 |
|
Microsoft Office SharePoint |
CVE-2022-41062, CVE-2022-41122 |
|
Microsoft Exchange Server |
CVE-2022-41123, CVE-2022-41080, CVE-2022-41078, CVE-2022-41079 |
|
Microsoft Dynamics |
CVE-2022-41066 |
|
Windows Hyper-V |
CVE-2022-38015 |
Mastering Security Configuration Management
Master Security Configuration Management with Tripwire's guide on best practices. This resource explores SCM's role in modern cybersecurity, reducing the attack surface, and achieving compliance with regulations. Gain practical insights for using SCM effectively in various environments.
