Some of the critical vulnerabilities fixed by the updates are as follows;
- The vulnerability, tracked as CVE-2022-41033, is caused by a buffer overflow affecting the Windows COM+ Event System Service. The vulnerability, which affects all versions of Windows starting with Windows 7 and Windows Server 2008, allows a local user to execute code with SYSTEM privileges on a vulnerable system.
- The security vulnerability, tracked as CVE-2022-37979, is caused by a Race Condition bug in Windows Hyper-V. A local user can exploit the vulnerability to gain unauthorized access to sensitive information and elevate their privileges in the system.
- The security vulnerability, tracked as CVE-2022-37976, is caused by improper enforcement of security restrictions in Active Directory Certificate Services.
- The vulnerability, tracked as CVE-2022-37978, exists because the security features in Active Directory Certificate Services are bypassed. As a result, a remote user can exploit the vulnerability to perform man-in-the-middle (MitM) attacks and gain access to network communications.
- The vulnerability, tracked as CVE-2022-41043, exists due to excessive data output by Microsoft Office applications. As a result, a local user can gain unauthorized access to sensitive information in the system by exploiting the vulnerability.
Updates that fix vulnerabilities affect the following Microsoft products and versions;[/vc_column_text][vc_empty_space height=”10px”][vc_single_image image=”16538″ img_size=”full” alignment=”center”][vc_empty_space height=”10px”][vc_column_text]It is recommended that users using the products and versions mentioned above immediately apply the published updates in order not to be the target of attacks that can be carried out using vulnerabilities.[/vc_column_text][vc_empty_space][/vc_column][/vc_row]