Microsoft Patches Six Exploited Zero-Days

Microsoft’s Patch Tuesday is a regularly scheduled affair. The rollout occurs on the second Tuesday of every month, and allows Microsoft to release all available security updates and bug fixes at once. Sometimes, Patch Tuesday is a boring update, but, other times, it’s chock full of fixes for serious security vulnerabilities. This latest Patch Tuesday is the latter.

Microsoft’s last Patch Tuesday dropped on the 8th, and included patches for a total of 68 flaws. Six of those flaws are particularly nasty, as they’re actively exploited zero-days. Zero-days vulnerabilities are concerning because they are flaws previously unknown to Microsoft. Since these zero-days were actively exploited, it means some bad actors have known about them, and taken advantage of them. It isn’t clear how widespread the malicious activity is, but it doesn’t change your approach: You should update your systems as soon as possible.

You can see the six actively exploited zero-days patched in this update below:

CVE-2022-41028 – Microsoft Exchange Server Remote Code Execution Vulnerability
CVE-2022-41040 – Microsoft Exchange Server Elevation of Privilege Vulnerability
CVE-2022-41128 – Windows Scripting Languages Remote Code Execution Vulnerability
CVE-2022-41091 – Windows Mark of the Web Security Feature Bypass Vulnerability
CVE-2022-41073 – Windows Print Spooler Elevation of Privilege Vulnerability
CVE-2022-41125 – Windows CNG Key Isolation Service Elevation of Privilege Vulnerability

Looking at the update more broadly, we can see how many of each patch there is for each type of vulnerability. Most of the flaws, 27 out of 68, are “elevation of privilege” vulnerabilities, which essentially allow bad actors to trick your system into giving them administrative privileges.