CSIRT Toscana

Microsoft Monthly Updates (AL01/221012/CSIRT-ITA) – Update

Date:
23 April 2024 11:11

Creation date: 12/10/2022 – 06:07:58

Summary

Microsoft has released its monthly security updates, which address a total of 84 new vulnerabilities, 2 of which are 0-days.

Note: the vendor states that CVE-2022-41033 is being actively exploited in the wild.

Note (update of 27/01/2023): a Proof of Concept (PoC) for exploiting CVE-2022-41043 and CVE-2022-34689 is reportedly available online.

Note (update of 23/04/2024): the vendor states that CVE-2022-38028 is being actively exploited in the wild.

Risk

Estimated impact of the vulnerability on the reference community: HIGH/ORANGE (72.56/100)¹.

Type

  • Spoofing
  • Security Feature Bypass
  • Elevation of Privilege
  • Remote Code Execution
  • Denial of Service
  • Information Disclosure

Affected products and versions

  • Active Directory Domain Services
  • Azure
  • Azure Arc
  • Client Server Run-time Subsystem (CSRSS)
  • Microsoft Edge (Chromium-based)
  • Microsoft Graphics Component
  • Microsoft Office
  • Microsoft Office SharePoint
  • Microsoft Office Word
  • Microsoft WDAC OLE DB provider for SQL
  • NuGet Client
  • Remote Access Service Point-to-Point Tunneling Protocol
  • Windows Hyper-V
  • Service Fabric
  • Visual Studio Code
  • Windows Active Directory Certificate Services
  • Windows ALPC
  • Windows CD-ROM Driver
  • Windows COM+ Event System Service
  • Windows Connected User Experiences and Telemetry
  • Windows CryptoAPI
  • Windows Defender
  • Windows DHCP Client
  • Windows Distributed File System (DFS)
  • Windows DWM Core Library
  • Windows Event Logging Service
  • Windows Group Policy
  • Windows Group Policy Preference Client
  • Windows Internet Key Exchange (IKE) Protocol
  • Windows Kernel
  • Windows Local Security Authority (LSA)
  • Windows Local Security Authority Subsystem Service (LSASS)
  • Windows Local Session Manager (LSM)
  • Windows NTFS
  • Windows NTLM
  • Windows ODBC Driver
  • Windows Perception Simulation Service
  • Windows Point-to-Point Tunneling Protocol
  • Windows Portable Device Enumerator Service
  • Windows Print Spooler Components
  • Windows Resilient File System (ReFS)
  • Windows Secure Channel
  • Windows Security Support Provider Interface
  • Windows Server Remotely Accessible Registry Keys
  • Windows Server Service
  • Windows Storage
  • Windows TCP/IP
  • Windows USB Serial Driver
  • Windows Web Account Manager
  • Windows Win32K
  • Windows WLAN Service
  • Windows Workstation Service

Mitigation actions

In line with the vendor's statements, it is recommended to update the affected products through the Windows Update function.

Unique vulnerability identifiers

CVE-ID
CVE-2022-37973 CVE-2022-37995 CVE-2022-35829 CVE-2022-38031
CVE-2022-38026 CVE-2022-37976 CVE-2022-37986 CVE-2022-30198
CVE-2022-37997 CVE-2022-37979 CVE-2022-37971 CVE-2022-38048
CVE-2022-37983 CVE-2022-38046 CVE-2022-34689 CVE-2022-37994
CVE-2022-22035 CVE-2022-41033 CVE-2022-41038 CVE-2022-41031
CVE-2022-38003 CVE-2022-37998 CVE-2022-37993 CVE-2022-38045
CVE-2022-37980 CVE-2022-41042 CVE-2022-38029 CVE-2022-38051
CVE-2022-37987 CVE-2022-24504 CVE-2022-41036 CVE-2022-37981
CVE-2022-41043 CVE-2022-38001 CVE-2022-37985 CVE-2022-41081
CVE-2022-38032 CVE-2022-38044 CVE-2022-41034 CVE-2022-38036
CVE-2022-37996 CVE-2022-38030 CVE-2022-37982 CVE-2022-37975
CVE-2022-38040 CVE-2022-38034 CVE-2022-38033 CVE-2022-38022
CVE-2022-38050 CVE-2022-38037 CVE-2022-38047 CVE-2022-38053
CVE-2022-33634 CVE-2022-38027 CVE-2022-38000 CVE-2022-37965
CVE-2022-37990 CVE-2022-38028 CVE-2022-38021 CVE-2022-37974
CVE-2022-38017 CVE-2022-38042 CVE-2022-37968 CVE-2022-38025
CVE-2022-38039 CVE-2022-37984 CVE-2022-37999 CVE-2022-33645
CVE-2022-35770 CVE-2022-37988 CVE-2022-38016 CVE-2022-37978
CVE-2022-37970 CVE-2022-38038 CVE-2022-38049 CVE-2022-37977
CVE-2022-41037 CVE-2022-38041 CVE-2022-41083 CVE-2022-41032
CVE-2022-37989 CVE-2022-33635 CVE-2022-37991 CVE-2022-38043

References

https://msrc.microsoft.com/update-guide/releaseNote/2022-Oct

https://msrc.microsoft.com/update-guide

Update of 23/04/2024

https://www.microsoft.com/en-us/security/blog/2024/04/22/analyzing-forest-blizzards-custom-post-compromise-tool-for-exploiting-cve-2022-38028-to-obtain-credentials/

¹ This estimate takes several parameters into account, including: CVSS, availability of patches/workarounds and PoCs, and how widespread the affected software/devices are in the reference community.

This article is an original product of csirt.gov.it, republished here solely to increase its visibility.