REDLEGG BLOG

Critical Security Bulletin - 11/08/22

11/8/22 4:29 PM  |  by RedLegg Blog

About:

In an effort to provide additional value to our customers, RedLegg will be releasing monthly security bulletins for critical vulnerabilities as they are released by major software vendors. RedLegg will provide as much context and information as is available at the time the bulletin is released.

RedLegg will include a brief description of each vulnerability, whether or not an active exploit or POC exists, and a link to an update if one exists. If no update exists, there will be remediation or mitigation suggestions to limit the risk that each vulnerability represents.

*Important note: These are not the only vulnerabilities that were recently released; however, these are the vulnerabilities RedLegg has identified as critical and requiring immediate attention.

VULNERABILITIES

Windows Scripting Languages Remote Code Execution Vulnerability

Identifier: CVE-2022-41128
Exploit or POC: Yes (Actively Being Exploited)
Update: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41128

Description: CVE-2022-41128 allows for remote code execution. Successful exploitation requires user interaction. An attacker would need to employ social engineering tactics to entice a targeted user into visiting a compromised server share or website, typically via a chat message or email. The JScript9 scripting engine is directly impacted by this vulnerability.
Mitigation Recommendation: Patching is currently the only method of mitigation.

Microsoft Exchange Server Elevation of Privilege Vulnerability

Identifier: CVE-2022-41080
Exploit or POC: No
Update: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41080

Description: CVE-2022-41080 is a critical elevation of privilege vulnerability impacting Microsoft Exchange Server. User interaction is not required for successful exploitation. The vulnerability exists because the Microsoft Exchange software fails to properly handle objects in memory. Once exploited, an attacker could execute arbitrary code as the SYSTEM user, which would then allow the attacker to modify programs or data, or to create new accounts.
Mitigation Recommendation: Patching is currently the only method of mitigation.

Microsoft ODBC Driver Remote Code Execution Vulnerability

Identifier: CVE-2022-41047
Exploit or POC: No
Update: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41047

Description: CVE-2022-41047 allows for remote code execution. User interaction and authentication are required to successfully exploit this vulnerability. An attacker would need to entice a targeted user into connecting to a malicious SQL server through the Open Database Connectivity (ODBC) driver, thus allowing the attacker to execute arbitrary code.
Mitigation Recommendation: Patching is currently the only method of mitigation.

Microsoft ODBC Driver Remote Code Execution Vulnerability

Identifier: CVE-2022-41048
Exploit or POC: No
Update: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41048

Description: CVE-2022-41048 allows for remote code execution. User interaction and authentication are required to successfully exploit this vulnerability. An attacker would need to entice a targeted user into connecting to a malicious SQL server through the Open Database Connectivity (ODBC) driver, thus allowing the attacker to execute arbitrary code.
Mitigation Recommendation: Patching is currently the only method of mitigation.

Microsoft SharePoint Server Remote Code Execution Vulnerability

Identifier: CVE-2022-41062
Exploit or POC: No
Update: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41062

Description: CVE-2022-41062 allows for remote code execution. Authentication is required; however, user interaction is not required to exploit this vulnerability. An attacker would need, at minimum, Site Member privileges for successful exploitation; with those privileges, the attacker could execute arbitrary code on the SharePoint Server.
Mitigation Recommendation: Patching is currently the only method of mitigation.

Netlogon RPC Elevation of Privilege Vulnerability

Identifier: CVE-2022-38023
Exploit or POC: No
Update: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38023

Description: CVE-2022-38023 allows an attacker to obtain administrative privileges. Authentication is required; however, user interaction is not required to exploit this vulnerability. The vulnerability lies in the cryptographic protocol and can be exploited when the Windows Netlogon protocol is used with RPC Signing instead of RPC Sealing. This allows an attacker to gain control of the service and potentially modify Netlogon protocol traffic in order to elevate privileges.
Mitigation Recommendation: Patching is currently the only method of mitigation.
