VULNERA Pulse

Microsoft — Windows

CVE-2022-41128 / Added: Nov. 8, 2022

HIGH CVSS 8.80

Microsoft Windows contains an unspecified vulnerability in the JScript9 scripting language which allows for remote code execution.

Headlines

• Nov. 9, 2022 - Microsoft's November 2022 Patch Tuesday fixes 6 zero-day security flaws
• Nov. 9, 2022 - Microsoft ships 68 patches, including 10 rated critical

Back to top ↑

Microsoft — Windows

CVE-2022-41073 / Added: Nov. 8, 2022

HIGH CVSS 7.80

Microsoft Windows Print Spooler contains an unspecified vulnerability which allows an attacker to gain SYSTEM-level privileges.

Headlines

• Nov. 9, 2022 - Rezilion expands SBOM to support Windows environments

Back to top ↑

Microsoft — Windows

CVE-2022-41125 / Added: Nov. 8, 2022

HIGH CVSS 7.80

Microsoft Windows Cryptographic Next Generation (CNG) Key Isolation Service contains an unspecified vulnerability which allows an attacker to gain SYSTEM-level privileges.

Headlines

• Nov. 8, 2022 - Microsoft Scrambles to Thwart New Zero-Day Attacks

Back to top ↑

Microsoft — Windows

CVE-2022-41091 / Added: Nov. 8, 2022

MEDIUM CVSS 5.40

Microsoft Windows Mark of the Web (MOTW) contains a security feature bypass vulnerability resulting in a limited loss of integrity and availability of security features.

Headlines

• Nov. 9, 2022 - Microsoft’s November Patch Tuesday Updates Fix 69 Windows Flaws

Back to top ↑

Samsung — Mobile Devices

CVE-2021-25337 / Added: Nov. 8, 2022

HIGH CVSS 7.10

Samsung mobile devices contain an improper access control vulnerability in clipboard service which allows untrusted applications to read or write arbitrary files. This vulnerability was chained with CVE-2021-25369 and CVE-2021-25370.

Headlines

• Nov. 9, 2022 - Surveillance vendor exploited Samsung phone zero-days

Back to top ↑

Samsung — Mobile Devices

CVE-2021-25369 / Added: Nov. 8, 2022

MEDIUM CVSS 5.50

Samsung mobile devices using Mali GPU contains an improper access control vulnerability in sec_log file. Exploitation of the vulnerability exposes sensitive kernel information to the userspace. This vulnerability was chained with CVE-2021-25337 and CVE-2021-25370.

Back to top ↑

Samsung — Mobile Devices

CVE-2021-25370 / Added: Nov. 8, 2022

MEDIUM CVSS 4.40

Samsung mobile devices using Mali GPU contain an incorrect implementation handling file descriptor in dpu driver. This incorrect implementation results in memory corruption, leading to kernel panic. This vulnerability was chained with CVE-2021-25337 and CVE-2021-25369.

Back to top ↑

CVE-2022-40304

CVSS Not Assigned

Risk Context N/A

Published: Nov. 23, 2022

An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked.

Quotes

• When an entity reference cycle is detected, the entity content is cleared by setting its first byte to zero. But the entity content might be allocated from a dict. In this case, the dict entry becomes corrupted leading to all kinds of logic errors, including memory errors like double-frees - Security Affairs
• A remote user may be able to cause unexpected app termination or arbitrary code execution - Naked Security - Sophos
• For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available - Latest news
• I've not seen evidence of exploitation of the issues fixed in iOS 16.1.1-but that doesn't really mean much - Forbes - Cybersecurity

Headlines

• Nov. 10, 2022 - Apple iOS 16.1.1 Release: Should You Upgrade?
• Nov. 10, 2022 - Apple out-of-band patches fix remote code execution bugs in iOS and macOS
• Nov. 10, 2022 - Emergency code execution patch from Apple – but not an 0-day
• Nov. 10, 2022 - Apple Patches Remote Code Execution Flaws in iOS, macOS
• Nov. 10, 2022 - iPhone iOS 16.1.1 fixes two security vulnerabilities - time to update
• Nov. 10, 2022 - Apple releases macOS Ventura 13.0.1, iOS 16.1.1 and iPadOS 16.1.1 to patch two security issues
• Nov. 10, 2022 - iOS 16.1.1—Apple Issues Important Update For All iPhone Users
• Nov. 10, 2022 - Apple Releases iOS 16.1.1: iPhone Users Urged To Update Now For Important Fixes
• Nov. 10, 2022 - Apple releases macOS Ventura 13.0.1 to address bugs and security patches
• Nov. 10, 2022 - Apple iOS 16.1.1 Now Available for Update—AirDrop in China Restricts 'Everyone' for 10 Minutes
• Nov. 9, 2022 - iOS 16.1.1 released with bug fixes and security updates
• Nov. 9, 2022 - iOS 16.1.1 includes fixes for two libxml vulnerabilities
• Nov. 9, 2022 - Apple releases macOS 13.0.1 with two security patches and additional bug fixes

CVE-2022-40303

HIGH CVSS 7.50

Risk Context N/A

Published: Nov. 23, 2022

An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a segmentation fault.

Quotes

• When an entity reference cycle is detected, the entity content is cleared by setting its first byte to zero. But the entity content might be allocated from a dict. In this case, the dict entry becomes corrupted leading to all kinds of logic errors, including memory errors like double-frees - Security Affairs
• A remote user may be able to cause unexpected app termination or arbitrary code execution - Naked Security - Sophos
• For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available - Latest news
• I've not seen evidence of exploitation of the issues fixed in iOS 16.1.1-but that doesn't really mean much - Forbes - Cybersecurity

Headlines

• Nov. 10, 2022 - Apple iOS 16.1.1 Release: Should You Upgrade?
• Nov. 10, 2022 - Apple out-of-band patches fix remote code execution bugs in iOS and macOS
• Nov. 10, 2022 - Emergency code execution patch from Apple – but not an 0-day
• Nov. 10, 2022 - Apple Rolls Out iOS 16.1.1 for iPhone Users With Bug Fixes and Security Enhancements
• Nov. 10, 2022 - Apple Patches Remote Code Execution Flaws in iOS, macOS
• Nov. 10, 2022 - iPhone iOS 16.1.1 fixes two security vulnerabilities - time to update
• Nov. 10, 2022 - Apple releases macOS Ventura 13.0.1, iOS 16.1.1 and iPadOS 16.1.1 to patch two security issues
• Nov. 10, 2022 - iOS 16.1.1—Apple Issues Important Update For All iPhone Users
• Nov. 10, 2022 - Apple Releases iOS 16.1.1: iPhone Users Urged To Update Now For Important Fixes
• Nov. 10, 2022 - Apple releases macOS Ventura 13.0.1 to address bugs and security patches
• Nov. 10, 2022 - Apple iOS 16.1.1 Now Available for Update—AirDrop in China Restricts 'Everyone' for 10 Minutes
• Nov. 9, 2022 - iOS 16.1.1 released with bug fixes and security updates
• Nov. 9, 2022 - iOS 16.1.1 includes fixes for two libxml vulnerabilities
• Nov. 9, 2022 - Apple patches a pair of security flaws with macOS Ventura 13.0.1 update
• Nov. 9, 2022 - Apple releases iOS 16.1.1 with bug fixes and security updates
• Nov. 9, 2022 - Apple releases macOS 13.0.1 with two security patches and additional bug fixes

CVE-2022-41128

HIGH CVSS 8.80

CISA Known Exploited Actively Exploited Remote Code Execution

Published: Nov. 9, 2022

Windows Scripting Languages Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-41118.

Vendor Impacted: Microsoft

Products Impacted: Windows Server 2012, Windows 7, Windows Server 2022, Windows 8.1, Windows, Windows Server 2019, Windows Server 2016, Windows 11, Windows 10, Windows Server 2008

Quotes

• Considering it's a browse-and-own type of scenario, I expect this will be a popular bug to include in exploit kits - Latest news
• A Dynamic SBOM that supports Windows environments widens the scope of possibility and gives the ability to a massive number of new customers to meet regulatory standards and detect and manage their software vulnerabilities strategically - CSO Online
• We recommend applying patches within 24 hours if you have vulnerable on-prem or hybrid exchange servers where temporary mitigation has not been applied - infosecurity-magazine.com
• The big news is that two older zero-day CVEs affecting Exchange Server, made public at the end of September, have finally been fixed - The Hacker News
• Windows Mark of the Web - Krebs on Security
• More likely to be exploited - The Register - Security
• At long last, Microsoft released patches for the ProxyNotShell vulnerabilities that are being actively exploited by Chinese threat actors - Dark Reading

Headlines

• Nov. 9, 2022 - Microsoft's November 2022 Patch Tuesday fixes 6 zero-day security flaws
• Nov. 9, 2022 - Microsoft just released a whole host of security fixes, so patch now
• Nov. 9, 2022 - Microsoft Patch Tuesday fixes 11 critical security vulnerabilities and six zero-days being actively exploited
• Nov. 9, 2022 - Rezilion expands SBOM to support Windows environments
• Nov. 9, 2022 - Microsoft Patches Six Zero-Day Bugs this Month
• Nov. 9, 2022 - Install Latest Windows Update ASAP! Patches Issued for 6 Actively Exploited Zero-Days
• Nov. 9, 2022 - Patch Tuesday, November 2022 Election Edition
• Nov. 9, 2022 - Microsoft ships 68 patches, including 10 rated critical
• Nov. 9, 2022 - Microsoft squashes six security bugs already exploited in the wild
• Nov. 9, 2022 - Patches for 6 zero-days under active exploit are now available from Microsoft
• Nov. 8, 2022 - Microsoft Quashes Bevy of Actively Exploited Zero-Days for November Patch Tuesday
• Nov. 8, 2022 - Microsoft Scrambles to Thwart New Zero-Day Attacks
• Nov. 8, 2022 - Microsoft patches 62 vulnerabilities, including Kerberos, and Mark of the Web, and Exchange…sort of

CVE-2022-41125

HIGH CVSS 7.80

CISA Known Exploited

Published: Nov. 9, 2022

Windows CNG Key Isolation Service Elevation of Privilege Vulnerability.

Vendor Impacted: Microsoft

Products Impacted: Windows Server 2012, Windows 7, Windows Server 2022, Windows 8.1, Windows, Windows Server 2019, Windows Server 2016, Windows 11, Windows 10

Quotes

• Considering it's a browse-and-own type of scenario, I expect this will be a popular bug to include in exploit kits - Latest news
• A Dynamic SBOM that supports Windows environments widens the scope of possibility and gives the ability to a massive number of new customers to meet regulatory standards and detect and manage their software vulnerabilities strategically - CSO Online
• We recommend applying patches within 24 hours if you have vulnerable on-prem or hybrid exchange servers where temporary mitigation has not been applied - infosecurity-magazine.com
• Windows Mark of the Web - Krebs on Security
• More likely to be exploited - The Register - Security
• At long last, Microsoft released patches for the ProxyNotShell vulnerabilities that are being actively exploited by Chinese threat actors - Dark Reading

Headlines

• Nov. 9, 2022 - Microsoft just released a whole host of security fixes, so patch now
• Nov. 9, 2022 - Microsoft Patch Tuesday fixes 11 critical security vulnerabilities and six zero-days being actively exploited
• Nov. 9, 2022 - Rezilion expands SBOM to support Windows environments
• Nov. 9, 2022 - Microsoft Patches Six Zero-Day Bugs this Month
• Nov. 9, 2022 - Patch Tuesday, November 2022 Election Edition
• Nov. 9, 2022 - Microsoft ships 68 patches, including 10 rated critical
• Nov. 9, 2022 - Microsoft squashes six security bugs already exploited in the wild
• Nov. 9, 2022 - Patches for 6 zero-days under active exploit are now available from Microsoft
• Nov. 8, 2022 - Microsoft Quashes Bevy of Actively Exploited Zero-Days for November Patch Tuesday
• Nov. 8, 2022 - Microsoft Scrambles to Thwart New Zero-Day Attacks
• Nov. 8, 2022 - Microsoft patches 62 vulnerabilities, including Kerberos, and Mark of the Web, and Exchange…sort of

CVE-2022-41091

MEDIUM CVSS 5.40

CISA Known Exploited

Published: Nov. 9, 2022

Windows Mark of the Web Security Feature Bypass Vulnerability. This CVE ID is unique from CVE-2022-41049.

Vendor Impacted: Microsoft

Products Impacted: Windows Server 2022, Windows, Windows Server 2019, Windows Server 2016, Windows 11, Windows 10

Quotes

• An attacker can craft a malicious file that would evade MotW defenses, resulting in a limited loss of integrity and availability of security features such as Protected View in Microsoft Office, which rely on MotW tagging - SecurityWeek
• Considering it's a browse-and-own type of scenario, I expect this will be a popular bug to include in exploit kits - Latest news
• A Dynamic SBOM that supports Windows environments widens the scope of possibility and gives the ability to a massive number of new customers to meet regulatory standards and detect and manage their software vulnerabilities strategically - CSO Online
• We recommend applying patches within 24 hours if you have vulnerable on-prem or hybrid exchange servers where temporary mitigation has not been applied - infosecurity-magazine.com
• The big news is that two older zero-day CVEs affecting Exchange Server, made public at the end of September, have finally been fixed - The Hacker News
• Windows Mark of the Web - Krebs on Security
• More likely to be exploited - The Register - Security
• At long last, Microsoft released patches for the ProxyNotShell vulnerabilities that are being actively exploited by Chinese threat actors - Dark Reading

Headlines

• Nov. 9, 2022 - Microsoft Patches MotW Zero-Day Exploited for Malware Delivery
• Nov. 9, 2022 - Microsoft just released a whole host of security fixes, so patch now
• Nov. 9, 2022 - Microsoft’s November Patch Tuesday Updates Fix 69 Windows Flaws
• Nov. 9, 2022 - Microsoft Patch Tuesday fixes 11 critical security vulnerabilities and six zero-days being actively exploited
• Nov. 9, 2022 - Rezilion expands SBOM to support Windows environments
• Nov. 9, 2022 - Microsoft Patches Six Zero-Day Bugs this Month
• Nov. 9, 2022 - Install Latest Windows Update ASAP! Patches Issued for 6 Actively Exploited Zero-Days
• Nov. 9, 2022 - Patch Tuesday, November 2022 Election Edition
• Nov. 9, 2022 - Microsoft ships 68 patches, including 10 rated critical
• Nov. 9, 2022 - Microsoft squashes six security bugs already exploited in the wild
• Nov. 9, 2022 - Patches for 6 zero-days under active exploit are now available from Microsoft
• Nov. 8, 2022 - Microsoft Quashes Bevy of Actively Exploited Zero-Days for November Patch Tuesday
• Nov. 8, 2022 - Microsoft Scrambles to Thwart New Zero-Day Attacks
• Nov. 8, 2022 - Microsoft patches 62 vulnerabilities, including Kerberos, and Mark of the Web, and Exchange…sort of

CVE-2022-41073

HIGH CVSS 7.80

CISA Known Exploited

Published: Nov. 9, 2022

Windows Print Spooler Elevation of Privilege Vulnerability.

Vendor Impacted: Microsoft

Products Impacted: Windows Server 2012, Windows 7, Windows Server 2022, Windows 8.1, Windows, Windows Server 2019, Windows Server 2016, Windows 11, Windows 10, Windows Server 2008

Quotes

• Considering it's a browse-and-own type of scenario, I expect this will be a popular bug to include in exploit kits - Latest news
• A Dynamic SBOM that supports Windows environments widens the scope of possibility and gives the ability to a massive number of new customers to meet regulatory standards and detect and manage their software vulnerabilities strategically - CSO Online
• We recommend applying patches within 24 hours if you have vulnerable on-prem or hybrid exchange servers where temporary mitigation has not been applied - infosecurity-magazine.com
• Windows Mark of the Web - Krebs on Security
• More likely to be exploited - The Register - Security
• At long last, Microsoft released patches for the ProxyNotShell vulnerabilities that are being actively exploited by Chinese threat actors - Dark Reading

Headlines

• Nov. 9, 2022 - Microsoft just released a whole host of security fixes, so patch now
• Nov. 9, 2022 - Microsoft Patch Tuesday fixes 11 critical security vulnerabilities and six zero-days being actively exploited
• Nov. 9, 2022 - Rezilion expands SBOM to support Windows environments
• Nov. 9, 2022 - Microsoft Patches Six Zero-Day Bugs this Month
• Nov. 9, 2022 - Patch Tuesday, November 2022 Election Edition
• Nov. 9, 2022 - Microsoft ships 68 patches, including 10 rated critical
• Nov. 9, 2022 - Microsoft squashes six security bugs already exploited in the wild
• Nov. 9, 2022 - Patches for 6 zero-days under active exploit are now available from Microsoft
• Nov. 8, 2022 - Microsoft Quashes Bevy of Actively Exploited Zero-Days for November Patch Tuesday
• Nov. 8, 2022 - Microsoft Scrambles to Thwart New Zero-Day Attacks
• Nov. 8, 2022 - Microsoft patches 62 vulnerabilities, including Kerberos, and Mark of the Web, and Exchange…sort of

CVE-2022-20465

MEDIUM CVSS 4.60

Risk Context N/A

Published: Nov. 8, 2022

In dismiss and related functions of KeyguardHostViewController.java and related files, there is a possible lockscreen bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-218500036

Vendor Impacted: Google

Product Impacted: Android

Quotes

• Unlockable but only with a passcode - Naked Security - Sophos
• Dismiss and related functions of KeyguardHostViewController.java and related files - SecurityWeek
• The issue allowed an attacker with physical access to bypass the lock screen protections (fingerprint, PIN, etc.) and gain complete access to the user's device. The vulnerability is tracked as CVE-2022-20465 and it might affect other Android vendors as well - Security Affairs
• After I calmed down a little bit, I realized that indeed, this is a got d*mn full lock screen bypass, on the fully patched Pixel 6. I got my old Pixel 5 and tried to reproduce the bug there as well. It worked too - Dark Reading
• It was a fresh boot, and instead of the usual lock icon, the fingerprint icon was showing - The Daily Swig | Cybersecurity news and views
• The issue allowed an attacker with physical access to bypass the lock screen protections (fingerprint, PIN, etc.) and gain complete access to the user's device - The Hacker News

Headlines

• Nov. 11, 2022 - Dangerous SIM-swap lockscreen bypass – update Android now!
• Nov. 11, 2022 - Google Pays $70k for Android Lock Screen Bypass
• Nov. 11, 2022 - Researcher received a $70k award for a Google Pixel lock screen bypass
• Nov. 11, 2022 - Google Pixel Bug That Allowed Bypassing the Lock Screen Fixed With November Update
• Nov. 10, 2022 - 5 Easy Steps to Bypass Google Pixel Lock Screens
• Nov. 10, 2022 - Hacker discovers lock screen bypass bug that affects all Google Pixels
• Nov. 10, 2022 - Google Pixel screen-lock hack earns researcher $70k
• Nov. 10, 2022 - Pixel bug can unlock a phone using SIM card, fixed in November update
• Nov. 10, 2022 - Hacker Rewarded $70,000 for Finding Way to Bypass Google Pixel Phones' Lock Screens
• Nov. 10, 2022 - Nasty vulnerability shows Galaxy phones can be safer than Google Pixels
• Nov. 10, 2022 - Accidental $70k Google Pixel Lock Screen Bypass

CVE-2022-41082

HIGH CVSS 8.80

CISA Known Exploited Actively Exploited Remote Code Execution Public Exploits Available

Published: Oct. 3, 2022

Microsoft Exchange Server Remote Code Execution Vulnerability.

Vendor Impacted: Microsoft

Product Impacted: Exchange Server

Quotes

• Walk around, are they tight? Do they pinch? - Naked Security - Sophos
• We were only trying to help - Naked Security - Sophos
• They were expected last month, but they are finally here (along with several other Exchange fixes). These bugs were purchased by the ZDI at the beginning of September and reported to Microsoft at the time. At some point later, they were detected in the wild. Microsoft has released several different mitigation recommendations, but the best advice is to test and deploy these fixes - Security Affairs
• Considering it's a browse-and-own type of scenario, I expect this will be a popular bug to include in exploit kits - Latest news
• A Dynamic SBOM that supports Windows environments widens the scope of possibility and gives the ability to a massive number of new customers to meet regulatory standards and detect and manage their software vulnerabilities strategically - CSO Online
• We recommend applying patches within 24 hours if you have vulnerable on-prem or hybrid exchange servers where temporary mitigation has not been applied - infosecurity-magazine.com
• It took Microsoft more than two months to provide the patch, even though the company admitted that ProxyNotShell actively exploited the vulnerabilities in targeted attacks against at least 10 large organizations - Forbes - Cybersecurity
• Windows Mark of the Web - Krebs on Security
• At long last, Microsoft released patches for the ProxyNotShell vulnerabilities that are being actively exploited by Chinese threat actors - Dark Reading

Headlines

• Nov. 10, 2022 - S3 Ep108: You hid THREE BILLION dollars in a popcorn tin?
• Nov. 9, 2022 - Exchange 0-days fixed (at last) – plus 4 brand new Patch Tuesday 0-days!
• Nov. 9, 2022 - Microsoft just released a whole host of security fixes, so patch now
• Nov. 9, 2022 - Microsoft Patch Tuesday updates fix 6 actively exploited zero-days
• Nov. 9, 2022 - Microsoft Patch Tuesday fixes 11 critical security vulnerabilities and six zero-days being actively exploited
• Nov. 9, 2022 - Rezilion expands SBOM to support Windows environments
• Nov. 9, 2022 - Microsoft Patches Six Zero-Day Bugs this Month
• Nov. 9, 2022 - Windows Security: Users Urged To Update As 4 New Zero-Day Attacks Confirmed
• Nov. 9, 2022 - Patch Tuesday, November 2022 Election Edition
• Nov. 9, 2022 - Microsoft squashes six security bugs already exploited in the wild
• Nov. 8, 2022 - Microsoft Quashes Bevy of Actively Exploited Zero-Days for November Patch Tuesday
• Nov. 8, 2022 - Microsoft Scrambles to Thwart New Zero-Day Attacks
• Nov. 8, 2022 - Microsoft patches 62 vulnerabilities, including Kerberos, and Mark of the Web, and Exchange…sort of

CVE-2022-41040

HIGH CVSS 8.80

CISA Known Exploited Actively Exploited Used In Ransomware Public Exploits Available

Published: Oct. 3, 2022

Microsoft Exchange Server Elevation of Privilege Vulnerability.

Vendor Impacted: Microsoft

Product Impacted: Exchange Server

Quotes

• We were only trying to help - Naked Security - Sophos
• They were expected last month, but they are finally here (along with several other Exchange fixes). These bugs were purchased by the ZDI at the beginning of September and reported to Microsoft at the time. At some point later, they were detected in the wild. Microsoft has released several different mitigation recommendations, but the best advice is to test and deploy these fixes - Security Affairs
• Considering it's a browse-and-own type of scenario, I expect this will be a popular bug to include in exploit kits - Latest news
• A Dynamic SBOM that supports Windows environments widens the scope of possibility and gives the ability to a massive number of new customers to meet regulatory standards and detect and manage their software vulnerabilities strategically - CSO Online
• We recommend applying patches within 24 hours if you have vulnerable on-prem or hybrid exchange servers where temporary mitigation has not been applied - infosecurity-magazine.com
• It took Microsoft more than two months to provide the patch, even though the company admitted that ProxyNotShell actively exploited the vulnerabilities in targeted attacks against at least 10 large organizations - Forbes - Cybersecurity
• Windows Mark of the Web - Krebs on Security
• More likely to be exploited - The Register - Security
• At long last, Microsoft released patches for the ProxyNotShell vulnerabilities that are being actively exploited by Chinese threat actors - Dark Reading

Headlines

• Nov. 11, 2022 - Why CVE Management as a Primary Strategy Doesn't Work
• Nov. 9, 2022 - Exchange 0-days fixed (at last) – plus 4 brand new Patch Tuesday 0-days!
• Nov. 9, 2022 - Microsoft just released a whole host of security fixes, so patch now
• Nov. 9, 2022 - Microsoft Patch Tuesday updates fix 6 actively exploited zero-days
• Nov. 9, 2022 - Microsoft Patch Tuesday fixes 11 critical security vulnerabilities and six zero-days being actively exploited
• Nov. 9, 2022 - Rezilion expands SBOM to support Windows environments
• Nov. 9, 2022 - Microsoft Patches Six Zero-Day Bugs this Month
• Nov. 9, 2022 - Windows Security: Users Urged To Update As 4 New Zero-Day Attacks Confirmed
• Nov. 9, 2022 - Patch Tuesday, November 2022 Election Edition
• Nov. 9, 2022 - Microsoft squashes six security bugs already exploited in the wild
• Nov. 9, 2022 - Patches for 6 zero-days under active exploit are now available from Microsoft
• Nov. 8, 2022 - Microsoft Quashes Bevy of Actively Exploited Zero-Days for November Patch Tuesday
• Nov. 8, 2022 - Microsoft Scrambles to Thwart New Zero-Day Attacks
• Nov. 8, 2022 - Microsoft patches 62 vulnerabilities, including Kerberos, and Mark of the Web, and Exchange…sort of