Microsoft’s Latest Windows Update Resolves 74 OS Issues

Microsoft's latest update has fixed more than a handful of issues plaguing its two active operating systems (OS).

The tech giant recently released its November 2022 security update to Windows, which fixed six actively exploited Windows vulnerabilities and 67 flaws, per Bleeping Computer.

These flaws include problems with Microsoft Office, Windows Resilient File System (ReFS), Windows Advanced Local Procedure Call (ALPC), and other components.

Microsoft November 2022 Vulnerability Fix Details

Microsoft's November 2022 security update shored up many of its operating systems' vulnerabilities and flaws, which hackers and cybercriminals could exploit if left unpatched.

Here is a list of the zero-day vulnerabilities the update plugged up and how hackers would exploit them if given the chance:

  • Windows Scripting Languages Remote Code Execution (RCE) Vulnerability - a cybercriminal could access a victim's computer by convincing the victim to visit a server or website set up for that purpose.
  • Windows Mark of the Web Security Feature Bypass Vulnerability - a hacker could disable many security features, like Protected View in Microsoft Office, and make a computer lose integrity by using a malicious file that can evade the victim computer's Mark of the Web defenses.
  • Windows Print Spooler Elevation of Privilege Vulnerability - a hacker could exploit this vulnerability to gain SYSTEM privileges, allowing them to change things on a computer as they see fit.
  • Windows CNG Key Isolation Service Elevation of Privilege - similar to the previous vulnerability, a hacker could exploit this vulnerability to gain SYSTEM privileges, allowing them to change things on a computer as they see fit.
  • Microsoft Exchange Server Elevation of Privilege Vulnerability - a hacker could gain the ability to run PowerShell "in the context of the system."
  • Microsoft Exchange Server Remote Code Execution Vulnerability - a cybercriminal could target the server accounts in an arbitrary or remote code execution and try to trigger malicious code through a network call.

Microsoft's November update also fixed CVE-2022-41040 and CVE-2022-41082, dubbed ProxyNotShell. According to a Bleeping Computer article that cited a statement from Vietnamese cybersecurity company GTSC, the vulnerability allowed a cybercriminal to perform remote code execution on a compromised system to steal data and move to other systems on the victims' network.

Microsoft November 2022 Update Flaw Solution Details

Microsoft's update fixed not only zero-day vulnerabilities but also security flaws in its active operating systems. According to Qualys Community, ten of these vulnerabilities were classified as critical, as they could allow cybercriminals and hackers to deny service, elevate their privileges on a victim's computer, and remotely execute code. Some of these flaws affect Microsoft Office, Network Policy Server, Windows ReFS, Windows ALPC, Windows Kerberos, and Windows Network Address Translation.

Windows Point-to-Point Tunneling Protocol, Windows Overlay Filter, Windows Win32k, and Windows GDI+ also showed flaws that hackers and cybercriminals could exploit to reveal data, elevate their privileges, execute code remotely, and carry out spoofing.

These fixes also came with improvements that affect the localization of folders in Windows' File Explorer, per Windows Central.

© 2024 iTech Post All rights reserved. Do not reproduce without permission.