#microsoft

Microsoft Office Remote Code Execution Vulnerability.

Microsoft Edge (Chromium-based) Spoofing Vulnerability.

Microsoft SharePoint Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-38053, CVE-2022-41036, CVE-2022-41038.

Microsoft Office Spoofing Vulnerability.

Microsoft SharePoint Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-41036, CVE-2022-41037, CVE-2022-41038.

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-37982.

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-38031.

Microsoft DWM Core Library Elevation of Privilege Vulnerability.

Microsoft Windows Defender Elevation of Privilege Vulnerability.

By Jon Munshaw and Vanja Svajcer. Microsoft released its monthly security update Tuesday, disclosing 83 vulnerabilities across the company’s hardware and software line, including seven critical issues in Windows’ point-to-point tunneling protocol.  October's security update features 11 critical vulnerabilities, with the remainder being “important.”   One of the most notable vulnerabilities Microsoft fixed this month is CVE-2022-41038, a remote code execution issue in Microsoft SharePoint. There are several other SharePoint vulnerabilities included in this month’s Patch Tuesday, though this seems the most severe, as Microsoft continues it to be “more likely” to be exploited.  An attacker must be authenticated to the target site with the correct permissions to use manage lists in SharePoint to exploit this vulnerability, and eventually gain the ability to execute remote code on the SharePoint server.   CVE-2022-37968, an elevation of privilege vulnerability in Azure Arc Connect, has th...