Alert GCSA-22124 - Microsoft Security Update Novembre 2022
******************************************************************
Alert ID: GCSA-22124
Data: 9 Novembre 2022
Titolo: Microsoft Security Update Novembre 2022
******************************************************************
:: Descrizione del problema
Microsoft ha rilasciato il security update mensile per Novembre 2022,
questa versione risolve 68 vulnerabilita', delle quali 11 sono
classificate come critiche e 6 zero-day
(tra cui le vulnerabilita' CVE-2022-41040 e CVE-2022-41082
https://www.cert.garr.it/alert/security-alerts/listid-1/mailid-2547-alert-gcsa-22111-vulnerabilita-zero-day-in-microsoft-exchange-server)
Maggiori dettagli sono disponibili alla sezione "Riferimenti".
:: Software interessato
.NET Framework
AMD CPU Branch
Azure
Azure Real Time Operating System
Linux Kernel
Microsoft Dynamics
Microsoft Exchange Server
Microsoft Graphics Component
Microsoft Office
Microsoft Office Excel
Microsoft Office SharePoint
Microsoft Office Word
Network Policy Server (NPS)
Open Source Software
Role: Windows Hyper-V
SysInternals
Visual Studio
Windows Advanced Local Procedure Call
Windows ALPC
Windows Bind Filter Driver
Windows BitLocker
Windows CNG Key Isolation Service
Windows Devices Human Interface
Windows Digital Media
Windows DWM Core Library
Windows Extensible File Allocation
Windows Group Policy Preference Client
Windows HTTP.sys
Windows Kerberos
Windows Mark of the Web (MOTW)
Windows Netlogon
Windows Network Address Translation (NAT)
Windows ODBC Driver
Windows Overlay Filter
Windows Point-to-Point Tunneling Protocol
Windows Print Spooler Components
Windows Resilient File System (ReFS)
Windows Scripting
Windows Win32K
:: Impatto
Esecuzione remota di codice arbitrario (RCE)
Denial of Service (DoS)
Acquisizione di privilegi piu' elevati (EoP)
Provide Misleading Information (spoofing)
Information Disclosure (ID)
Bypass restrizioni di sicurezza
:: Soluzioni
Per default l'installazione degli aggiornamenti
avviene in maniera automatica.
Per installare manualmente scegliere
Start > Impostazioni > Aggiornamento e Sicurezza > Windows Update
Verificare di aver installato la versione piu' recente del
Servicing Stack Updates
https://msrc.microsoft.com/update-guide/en-us/vulnerability/ADV990001
https://docs.microsoft.com/it-it/windows/deployment/update/servicing-stack-updates
Windows Update domande frequenti
https://support.microsoft.com/en-us/help/12373/windows-update-faq
Gli aggiornamenti sono disponibili anche tramite il catalogo di Microsoft
Update
https://www.catalog.update.microsoft.com/
Gli utenti che utilizzano ancora Windows 7, Windows Server 2008 o 2008 R2
devono acquistare l'Extended Security Update per continuare a ricevere gli
aggiornamenti
https://support.microsoft.com/en-hk/help/4522133/procedure-to-continue-receiving-security-updates
:: Riferimenti
Microsoft Security Updates - Release Notes
https://msrc.microsoft.com/update-guide/releaseNote/2022-Nov
Mitre CVE
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23824
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3602
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3786
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37966
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37967
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37992
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38014
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38015
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38023
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39253
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39327
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41039
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41044
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41045
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41047
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41048
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41049
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41050
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41051
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41052
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41054
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41055
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41057
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41060
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41061
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41062
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41063
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41064
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41066
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41073
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41085
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41086
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41088
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41090
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41091
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41092
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41093
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41095
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41096
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41097
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41098
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41099
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41100
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41101
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41102
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41103
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41104
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41105
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41106
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41107
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41109
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41113
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41114
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41116
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41118
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41119
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41120
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41122
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41125
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41128
GARR CERT Security Alert - subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
iD8DBQFja3PQwZxMk2USYEIRCHCfAJwKx78WiRdm0J+BJ4y7N1TfZ6+NVwCfWpQb
yIxLJuKebD7OF/ydlUh5TEE=
=5xfx
-----END PGP SIGNATURE-----
Alert ID: GCSA-22124
Data: 9 Novembre 2022
Titolo: Microsoft Security Update Novembre 2022
******************************************************************
:: Descrizione del problema
Microsoft ha rilasciato il security update mensile per Novembre 2022,
questa versione risolve 68 vulnerabilita', delle quali 11 sono
classificate come critiche e 6 zero-day
(tra cui le vulnerabilita' CVE-2022-41040 e CVE-2022-41082
https://www.cert.garr.it/alert/security-alerts/listid-1/mailid-2547-alert-gcsa-22111-vulnerabilita-zero-day-in-microsoft-exchange-server)
Maggiori dettagli sono disponibili alla sezione "Riferimenti".
:: Software interessato
.NET Framework
AMD CPU Branch
Azure
Azure Real Time Operating System
Linux Kernel
Microsoft Dynamics
Microsoft Exchange Server
Microsoft Graphics Component
Microsoft Office
Microsoft Office Excel
Microsoft Office SharePoint
Microsoft Office Word
Network Policy Server (NPS)
Open Source Software
Role: Windows Hyper-V
SysInternals
Visual Studio
Windows Advanced Local Procedure Call
Windows ALPC
Windows Bind Filter Driver
Windows BitLocker
Windows CNG Key Isolation Service
Windows Devices Human Interface
Windows Digital Media
Windows DWM Core Library
Windows Extensible File Allocation
Windows Group Policy Preference Client
Windows HTTP.sys
Windows Kerberos
Windows Mark of the Web (MOTW)
Windows Netlogon
Windows Network Address Translation (NAT)
Windows ODBC Driver
Windows Overlay Filter
Windows Point-to-Point Tunneling Protocol
Windows Print Spooler Components
Windows Resilient File System (ReFS)
Windows Scripting
Windows Win32K
:: Impatto
Esecuzione remota di codice arbitrario (RCE)
Denial of Service (DoS)
Acquisizione di privilegi piu' elevati (EoP)
Provide Misleading Information (spoofing)
Information Disclosure (ID)
Bypass restrizioni di sicurezza
:: Soluzioni
Per default l'installazione degli aggiornamenti
avviene in maniera automatica.
Per installare manualmente scegliere
Start > Impostazioni > Aggiornamento e Sicurezza > Windows Update
Verificare di aver installato la versione piu' recente del
Servicing Stack Updates
https://msrc.microsoft.com/update-guide/en-us/vulnerability/ADV990001
https://docs.microsoft.com/it-it/windows/deployment/update/servicing-stack-updates
Windows Update domande frequenti
https://support.microsoft.com/en-us/help/12373/windows-update-faq
Gli aggiornamenti sono disponibili anche tramite il catalogo di Microsoft
Update
https://www.catalog.update.microsoft.com/
Gli utenti che utilizzano ancora Windows 7, Windows Server 2008 o 2008 R2
devono acquistare l'Extended Security Update per continuare a ricevere gli
aggiornamenti
https://support.microsoft.com/en-hk/help/4522133/procedure-to-continue-receiving-security-updates
:: Riferimenti
Microsoft Security Updates - Release Notes
https://msrc.microsoft.com/update-guide/releaseNote/2022-Nov
Mitre CVE
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23824
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3602
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3786
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37966
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37967
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37992
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38014
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38015
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38023
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39253
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39327
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41039
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41044
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41045
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41047
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41048
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41049
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41050
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41051
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41052
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41054
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41055
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41057
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41060
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41061
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41062
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41063
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41064
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41066
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41073
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41085
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41086
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41088
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41090
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41091
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41092
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41093
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41095
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41096
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41097
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41098
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41099
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41100
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41101
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41102
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41103
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41104
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41105
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41106
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41107
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41109
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41113
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41114
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41116
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41118
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41119
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41120
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41122
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41125
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41128
GARR CERT Security Alert - subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
iD8DBQFja3PQwZxMk2USYEIRCHCfAJwKx78WiRdm0J+BJ4y7N1TfZ6+NVwCfWpQb
yIxLJuKebD7OF/ydlUh5TEE=
=5xfx
-----END PGP SIGNATURE-----