REDLEGG BLOG

Critical Security Bulletin - 10/11/22

10/11/22 5:12 PM  |  by RedLegg Blog

Azure Arc-enabled Kubernetes cluster Connect Elevation of Privilege Vulnerability

Identifier: CVE-2022-37968
Exploit or POC: No
Update: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-37968

Description: CVE-2022-37968 allows an attacker to elevate privileges and gain administrative control of the Kubernetes cluster. This vulnerability impacts the cluster connect feature of Azure Arc-enabled Kubernetes clusters. User interaction and authentication are not required for successful exploitation. Exploiting CVE-2022-37968 over the internet requires the attacker to already know the randomly generated external DNS endpoint for an Azure Arc-enabled Kubernetes cluster.
Mitigation Recommendation: Patching is currently the only method of mitigation.

Server Service Remote Protocol Elevation of Privilege Vulnerability

Identifier: CVE-2022-38045
Exploit or POC: No
Update: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38045

Description: CVE-2022-38045 allows an attacker only to delete files on a targeted system. User interaction is not required to successfully exploit this vulnerability. The attacker would not, however, be able to modify or view file contents.
Mitigation Recommendation: Patching is currently the only method of mitigation.

Windows COM+ Event System Service Elevation of Privilege Vulnerability

Identifier: CVE-2022-41033
Exploit or POC: Yes (Actively Being Exploited)
Update: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41033

Description: CVE-2022-41033 is an elevation of privilege flaw that would allow an attacker to gain SYSTEM privileges. User interaction is not required for successful exploitation.
Mitigation Recommendation: Patching is currently the only method of mitigation.

Microsoft SharePoint Server Remote Code Execution Vulnerability

Identifier: CVE-2022-38053
Exploit or POC: No
Update: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38053

Description: CVE-2022-38053 allows an attacker to execute code remotely on the SharePoint Server. Exploitation requires the attacker to authenticate to the target site and to have Manage List permissions on the SharePoint server.
Mitigation Recommendation: Patching is currently the only method of mitigation.

Microsoft SharePoint Server Remote Code Execution Vulnerability

Identifier: CVE-2022-41038
Exploit or POC: No
Update: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41038

Description: CVE-2022-41038 allows an attacker to execute code remotely on the SharePoint Server. Exploitation requires the attacker to authenticate to the target site and to have Manage List permissions on the SharePoint server.
Mitigation Recommendation: Patching is currently the only method of mitigation.

Microsoft SharePoint Server Remote Code Execution Vulnerability

Identifier: CVE-2022-41036
Exploit or POC: No
Update: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41036

Description: CVE-2022-41036 allows an attacker to execute code remotely on the SharePoint Server. Exploitation requires the attacker to authenticate to the target site and to have Manage List permissions on the SharePoint server.
Mitigation Recommendation: Patching is currently the only method of mitigation.
