![]() ![]() N one of the 15 are known to be under active exploit in the wild. Of this month’s patches, 42 apply to Win7, and 48 apply to at least one version of Win8.Įlsewhere in patching news, Microsoft also relayed information on 15 issues addressed today by patches for Adobe Acrobat and Reader for Windows and MacOS – the first Reader patches released since October 2021. (Mainstream support for Win 7 ended in 2020 the end of ESU means that even crucial security updates will no longer be regularly issued.) Support is also concluding for Windows 8, 8.1, and RT, which were not granted an ESU of their own. Today is also the final day of Patch Tuesday activity for Windows 7, as the end of Extended Security Update support brings the long life of that version of the operating system to a close. L2TP is also at the heart of two additional patches in this month’s set, and users of Microsoft’s VPN services are encouraged to regard those L2TP patches seriously. Four of those five patches touch Windows Layer 2 Tunnelling Protocol (L2TP) all five involve remote code execution issues, and all five require neither user interaction nor privileged access to exploit. Five of this month’s Windows patches garnered a Critical-severity 9.8 CVSS (Common Vulnerability Scoring System) base score, a consideration for many administrators looking to prioritize their task lists. That said, Microsoft’s own severity ratings may not tell the entire tale. Just one issue addressed this month (CVE-2022-21674, an Important-severity Windows EoP) has been discovered to be under exploit, and even then there appears to be no disclosed code addressing this ALPC (Advanced Local Procedure Call) bug. Microsoft also announced one previously issued patch addressing a Moderate-severity RCE sandbox escape affecting that Chromium-based Edge browser as is customary with Patch Tuesday releases, this issue is not counted among the 98 and requires no action as part of the release itself.ĭespite a high total number of patches, so far the 98 issues addressed have apparently flown under the radar for the most part. ![]() (3D Builder was installed by default on Windows 10, but not on earlier or later versions of the OS.)Īs for the rest, Office and Exchange pick up six and five patches respectively (all Important-severity), SharePoint receives three fixes, and Azure, Microsoft’s Malware protection Engine. ![]() It’s followed by 3D Builder, a less-common Patch Tuesday target, with 14 Important-severity RCE issues. Once again the majority of CVEs affect Windows the operating system accounts for 66 CVEs. This includes 11 Critical-severity issues affecting SharePoint and Windows. Microsoft on Tuesday released patches for 98 vulnerabilities in nine Microsoft product families. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |