Microsoft fixed 68 vulnerabilities during the monthly patch cycle. Eleven of these vulnerabilities were assigned a “Critical” rating. Six bugs are known to have been actively exploited.
The bugs have been fixed in KB5019959 for Windows 10 and KB5019961 for Windows 11. During this month's Patch Tuesday, the monthly patch round, Microsoft fixed 68 bugs. The largest group, 27 of them, were privilege escalation bugs. In 16 cases it was possible to execute code remotely on a machine, and 11 bugs made it possible to retrieve information. Eleven of the bugs have a Critical rating because, for example, they are easy to exploit or can cause a lot of damage. These include CVE-2022-41040, which is capable of reading information from an Exchange server, and three bugs that can trigger remote code execution in the Point-to-Point Tunneling Protocol.
In addition to the critical vulnerabilities, six vulnerabilities that were exploited in the wild were also fixed. For one of them, CVE-2022-41091, it is known how it worked. A researcher showed how to bypass some Office protections with an infected zip file.
Other zero-days in the Patch Tuesday update are CVE-2022-41073, a privilege escalation bug in the Windows print spooler, and CVE-2022-41128, a way for attackers to execute code via a phishing attack on a website using the Scripting Languages feature in Windows. Additionally, two other privilege escalations were found in Windows CNG Key Isolation and in Exchange. They are CVE-2022-41125 and CVE-2022-41040. Finally, a remote code execution vulnerability in Exchange is also actively exploited. This is CVE-2022-41082.