Microsoft fixes 68 bugs including six zero days during Patch Tuesday

Microsoft has patched 68 vulnerabilities during its monthly patch cycle. Eleven of those vulnerabilities were given a ‘Critical’ rating. Six bugs are known to have been actively exploited.

The bugs have been fixed in KB5019959 for Windows 10 and KB5019961 for Windows 11. During Patch Tuesday, the monthly patch round, Microsoft fixed 68 bugs this time. In most cases, 27 times, it was a privilege escalation bug. In 16 cases it was possible to run code remotely on a machine and in 11 bugs it was possible to retrieve information. Eleven of the bugs have a Critical rating because, for example, they are easy to exploit or can cause a lot of damage. These include CVE-2022-41040 that can read information from an Exchange server and three bugs that can trigger remote code execution in the Point-to-Point Tunneling protocol.

In addition to the critical vulnerabilities, six vulnerabilities were also found that were exploited in the wild. from one of them, CVE-2022-41091is additionally know how that worked. A researcher showed how he could circumvent certain Office protections with an infected zip file.

Other zerodays in the Patch Tuesday update are CVE-2022-41073a privilege escalation bug in the Windows Print Spooler, CVE-2022-41073and CVE-2022-41128, a way for attackers to execute code through a phishing attack to a website through the Scripting Languages ​​feature in Windows. Also, two more privilege escalations were found in Windows CNG Key Isolation and in Exchange. Those are CVE-2022-41125 and CVE-2022-41040. Finally, a remote code execution vulnerability in Exchange is also actively exploited. That is CVE-2022-41082.