Skip to content
BLOG

Patch Tuesday October 2022

Jordan Hammond fun headshot
Jordan Hammond|October 12, 2022
Patch Tuesday
Patch Tuesday
Sections

Do you know what’s scary? An exploit getting patched that’s rated as a 10.0 on CVSS. (See what I did there? It’s October, and I said scary! Classic jokes, Jordan.) Overall, we have 96 exploits getting patched, with 13 of them being critical, one that is already known, and one that is already exploited. That’s about as bad as a month gets. With a 10.0 you should already be looking into patching, so let’s dive into the lowlights.

Some highlights (or lowlights)

  • CVE-2022-37968: This is the 10.0, and it is an Elevation of Privilege vulnerability impacting Azure Arc-enabled Kubernetes Clusters. It requires no privileges or user interaction to implement. This exploit allows an unauthenticated user to elevate on the external DNS endpoint and potentially gain full control of the Kubernetes Cluster.

  • CVE-2022-41033: This exploit is the one that is already used in the wild. It is an Elevation of Privilege rated at 7.8 on CVSS. When exploited by an attacker, 41033 can use the Windows COM+ Event System Service to get system privileges on the system.

  • CVE-2022-37976: This 8.8-rated exploit is another Elevation of Privilege vulnerability, attacking Active Directory Certificate Services (AD CS). If successfully executed, it can give an attacker domain admin rights. Hot take here, but this is bad. If you are not using Active Directory Certificate Services, you will want to get this patched ASAP. Microsoft also has several alternate mitigation options listed in the MSRC page linked for this exploit.

Wrapping up

October is a doozy. While there are some very high-rated vulnerabilities for this month, all of them do require specific environment setups that make them a little less likely to be exploited. If you are using AD CS or Azure Arc-enabled Kubernetes, you are certainly having a bad time. Why do we want to research how at risk we are each month like this? Why not just get our patching automated and have the peace of mind a secure environment can bring you? PDQ Deploy and PDQ Inventory can help you automate your patching so you can focus on essential things. Like getting a new personal best on that Rubik’s Cube on your desk.

Loading...

Jordan Hammond fun headshot
Jordan Hammond

Jordan had spent his life wondering why tasks he didn’t like to do had no options to complete themselves. Eventually he had to make that happen on his own. It turned out that he enjoyed making tasks complete themselves, and PDQ thought that is something he should talk about on the internet.

Related articles

Security green

What is attack surface management?

SECURITY

Illustration that shows logo of PDQ Connect

PDQ Connect announces custom fields

PRODUCT

Product connect

Inside look: How PDQ’s IT team uses Connect

PRODUCT