Today’s VERT Alert addresses Microsoft’s October 2022 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1025 on Wednesday, October 12th.

In-The-Wild & Disclosed CVEs

CVE-2022-41033

A vulnerability in the Windows COM+ Event System service could allow malicious individuals to obtain SYSTEM level access on all supported versions of Windows. The system is responsible for providing automatic distribution of events to subscribing COM components. According to Microsoft, this vulnerability is currently seeing active exploitation.

CVE-2022-41043

A vulnerability in Microsoft Office for Mac could allow for the disclosure of user tokens and other sensitive information. According to Microsoft, this vulnerability has been publicly disclosed, but is not currently seeing active exploitation.

CVE Breakdown by Tag

While historical Microsoft Security Bulletin groupings are gone, Microsoft vulnerabilities are tagged with an identifier. This list provides a breakdown of the CVEs on a per tag basis. Vulnerabilities are also color coded to aid with identifying key issues.

  • Traditional Software
  • Mobile Software
  • Cloud or Cloud Adjacent
  • Vulnerabilities that are being exploited or that have been disclosed
Tag CVE Count CVEs
Windows Workstation Service 1 CVE-2022-38034
Microsoft Office Word 2 CVE-2022-38049, CVE-2022-41031
Windows USB Serial Driver 1 CVE-2022-38030
Windows Portable Device Enumerator Service 1 CVE-2022-38032
Windows Group Policy 1 CVE-2022-37975
Windows Local Session Manager (LSM) 2 CVE-2022-37998, CVE-2022-37973
Windows Distributed File System (DFS) 1 CVE-2022-38025
Windows Internet Key Exchange (IKE) Protocol 1 CVE-2022-38036
Active Directory Domain Services 1 CVE-2022-38042
Microsoft Office SharePoint 4 CVE-2022-41036, CVE-2022-41037, CVE-2022-38053, CVE-2022-41038
Remote Access Service Point-to-Point Tunneling Protocol 1 CVE-2022-37965
Windows Web Account Manager 1 CVE-2022-38046
Visual Studio Code 3 CVE-2022-41034, CVE-2022-41083, CVE-2022-41042
Windows Perception Simulation Service 1 CVE-2022-37974
Windows Secure Channel 1 CVE-2022-38041
Windows Connected User Experiences and Telemetry 1 CVE-2022-38021
Windows Security Support Provider Interface 1 CVE-2022-38043
Microsoft Graphics Component 5 CVE-2022-33635, CVE-2022-37986, (Read more...)