
The latest Microsoft Patch Tuesday fixed six actively exploited zero-day vulnerabilities. In total, the updates fixed 68 different vulnerabilities.

Eleven of the 68 resolved vulnerabilities were labelled as critical. Among the critical vulnerabilities are six active zero-day exploits.

Two of the zero-day exploits (CVE-2022-41040 and CVE-2022-41082) target MS Exchange. When combined, the exploits allow cybercriminals to run malicious code on servers.

The process involves infecting on-premises systems with web shells for remote code execution (RCE). Microsoft disclosed that at least one cybercriminal is known to have used the method in the wild.

Windows exploits

A third zero-day, CVE-2022-41128, concerns a critical vulnerability in Windows that allows hackers to perform remote code execution (RCE). Abuse becomes possible from the moment a vulnerable device seeks access to a malicious server. Website Ars Technica writes that the vulnerability may be related to a state actor.

Two other patched zero-days, CVE-2022-41073 and CVE-2022-41125, are so-called elevation-of-privilege vulnerabilities. When combined with existing vulnerabilities or executed by someone with limited authorization, the exploits make it possible to elevate system privileges. Code and login credentials can be accessed and manipulated as a result.

CVE-2022-41073 puts the Microsoft print spooler at risk, while CVE-2022-41125 was found in the Windows CNG Key Isolation Service. The final two zero-days are present in Windows. CVE-2022-41091 allows cybercriminals to create malicious files that bypass so-called Mark of the Web protections.

Microsoft also published several patches related to Azure, the Linux kernel, Hyper-V, Visual Studio, MS Office and the .NET Framework.
