Microsoft Patch Tuesday, November 8, 2022
Date of Notice: 11/08/2022
Action Level - High
Description
Microsoft’s latest security update on Tuesday November 8, 2022, contains 68 CVEs, including six zero-days which are known to be actively exploited.
The exploited vulnerabilities cover a range of products including Exchange, Windows Scripting Languages, and other Windows services. If exploited they could allow bypass of Windows security features, privilege escalation,or remote code execution.
Overall, 11 of the CVEs in this cycle are rated Critical. Three critical and three important severity vulnerabilities are known to be exploited currently, and one has been publicly disclosed.
Remediation
Ensure your devices are running current patches per vendor guidance. Zero Day Initiative has a consolidated list here.