Recent news reports show that Microsoft’s Patch Tuesday update for the month of October has addressed a total of 85 security vulnerabilities, including fixes for an actively exploited zero-day flaw in the wild.
It appears that out of the 85 bugs, 15 are rated Critical, 69 are rated Important, and one is rated Moderate in severity. The update, however, does not include mitigations for the actively exploited ProxyNotShell flaws in Exchange Server.
Notably, the patches come alongside updates to resolve 12 other flaws in the Chromium-based Edge browser that have been released since the beginning of the month.
Microsoft’s latest patch has topped the list of this month’s patches is CVE-2022-41033 (CVSS score: 7.8), a privilege escalation vulnerability in Windows COM+ Event System Service. An anonymous researcher has been credited with reporting the issue.
“An attacker who successfully exploited this vulnerability could gain SYSTEM privileges,” the company said in an advisory, cautioning that the shortcoming is being actively weaponized in real-world attacks.
Observations show the nature of the flaw also means that the issue is likely chained with other flaws to escalate privilege and carry out malicious actions on the infected host.
“Thi ..
Support the originator by clicking the read the rest link below.
