Key Patches in November 2022 Microsoft Updates

It’s always tempting to put off some updates and patches, and we cybersecurity folks understand why. Sometimes they have unintended consequences that can interrupt workflow. Those little bugs are typically resolved eventually, but in the meantime, Microsoft’s problems will be yours to work through. 

That said, the updates Microsoft released on November 8th shouldn’t be left in the “someday” pile. These important updates include patches for six actively exploited vulnerabilities that impact Windows and Exchange Server. 

What Windows Products Are Affected (and How) by This Microsoft Release

If you are using any of the following Windows products, you should apply this round of updates ASAP:

• Windows Servers: 2022, 2019, 2016, 2012, and 2012 R2

• Datacenter: Azure Edition

• Windows: 11, 10, 8.1, RT 8.1, 7

What Vulnerabilities Were Found?

 1. Remote Code Execution (RCE)

JScript9 scripting language was found to have a Remote Code Execution vulnerability. Generally speaking, this type of security vulnerability allows hackers to run code on a machine remotely through either a public or private network. In this particular instance, a hacker could exploit this vulnerability by using phishing techniques designed to lure users to a malicious server.

2. Print Spooler Elevation of Privilege 

This vulnerability allows a user with very low privilege to nevertheless access system-level privileges.

3. CNG Key Isolation Service Elevation of Privilege 

This vulnerability also allows a user with very low privilege to access system-level privileges.

4. Mark of the Web Security Feature Bypass

Some security features, like Protected View in Microsoft Office, can be rendered less effective. A hacker may exploit this vulnerability in order to send a targeted end-user a malicious link without a safety warning popping up. In order to cause further harm, however, a cybercriminal would have to convince the end user to navigate to the malicious site and download malware or enter sensitive data.

What Exchange Servers Are Affected (and How)

The following servers should also be updated, if you haven’t already: 

• Microsoft Exchange Servers: 2019, 2016, 2013
  

What Vulnerabilities Were Found?

1. Remote Code Execution (RCE)

These two vulnerabilities — CVE-2022-41082 and CVE-2022-41040 — can be used in tandem to allow unauthorized users to execute commands remotely.

2. Microsoft Exchange Server Elevation of Privilege

This vulnerability can be exploited by a hacker to run PowerShell to execute malicious tasks.

3. Microsoft Exchange Server Remote Code Execution

This vulnerability could allow RCE within the server’s account through a network call. The hacker would need to be authenticated on the Exchange Server in order to successfully exploit this vulnerability.

Our Recommendations 

We don’t live in a perfect world. IT teams are frequently overwhelmed and understaffed. But cybersecurity should be a top priority for any organization — regardless of its size. Even though small businesses may not see themselves as a potential target for cybercriminals, they are, and they’re actually the most under threat.

Proper Patch Management 

I know it’s annoying, and updates sometimes lead to more annoyances. But resist the temptation to put them off. The longer you leave these vulnerabilities unaddressed, the longer hackers have to exploit them. According to recent data from the Ponemon Institute and ServiceNow, 48% of organizations have experienced a data breach in the past two years, and 57% of those breached identified the cause as an unpatched but known vulnerability. 

These frequent updates are aggravating, but they’re also signs that software developers like Microsoft actually care about your security. And you can always test any updates before deploying them throughout your organization to reduce the chance of disruption.

Restrict Access

Use Zero-Trust Architecture whenever possible. You may have noticed that some of these vulnerabilities center around granting advanced privileges to authorized but non-admin users. To combat these and other vulnerabilities that will no doubt surface, do the following:

• Apply Access Control List restrictions on the Exchange’s control panel and other directories
• Restrict access to Exchange servers
• Restrict unnecessary traffic and ports where possible— for Exchange servers, necessary ports include 25, 53, 80, 123, and 443. 

Restrict PowerShell 

Disable remote access to PowerShell for low-privilege users.

Are You Following Cybersecurity Best Practices?  

In addition to applying security updates promptly and adding these recommendations to your to-do list, are you doing everything you can to deter cyberattacks? Our interactive security checklist is aligned with the National Institute of Standards and Technology Cybersecurity Framework, and is designed to help you identify any security weaknesses so you can address them. 

If you need help with any to-dos outlined in the checklist, our US-based team of cybersecurity experts is at the ready. And if applying patches and updates promptly is a consistent issue for your team, our managed IT services can help you lighten the load.