October Patch Tuesday Release | Comment from Satnam Narang, Sr. Staff Research Engineer

This month’s Patch Tuesday release includes fixes for 84 CVEs — 13 that are rated critical, 71 rated important. Elevation of privilege (EoP) accounted for 46.4% of the vulnerabilities patched this month, followed by remote code execution (RCE) vulnerabilities at 23.8%.

Please find below a comment from Satnam Narang, Sr. Staff Research Engineer, Tenable and further analysis from the company in this blog.

“This month, Microsoft patched CVE-2022-41033, an elevation of privilege vulnerability in the Windows COM+ Event System Service, which enables system event notifications for COM+ components. An authenticated attacker could execute a specially crafted application designed to exploit this vulnerability on a vulnerable system. Successful exploitation would grant an attacker the ability to execute privileges as SYSTEM. Microsoft reports that this vulnerability has been exploited in the wild, though no specific details have been shared about its exploitation. It was reported to Microsoft by an anonymous individual. While elevation of privilege vulnerabilities require an attacker to gain access to a system through other means, they are still a valuable tool in an attacker’s toolbox, and this month’s Patch Tuesday has no shortage of elevation of privilege flaws, as Microsoft patched 39, accounting for nearly half of the bugs patched (46.4%).

“Notably absent from this month’s Patch Tuesday are patches for the pair of zero-day vulnerabilities in Microsoft Exchange Server, CVE-2022-41040 and CVE-2022-41082, also known as ProxyNotShell. We expected Microsoft to issue patches for these flaws soon considering there have been reports of in-the-wild exploitation.”
Satnam Narang, Sr. Staff Research Engineer, Tenable
