A few of the notable call-out’s from this week’s report are:
- Patch Tuesday was this week, Microsoft patched 6 zero-days that were already in active exploitation, and another 68 items that needed to be fixed. Microsoft finally fixed the Exchange Server “ProxyNotShell‘ zero-day bugs. And the Spectre V2 vulnerability for AMD Ryzen processors running Windows was patched.
- VMware released fixes for 3 critical authorization bypass bugs
- Citrix released urgent patches for authorization bypass
- Apple released an emergency code execution patch
- Lenovo released fixes for flaws in their UEFI BIOS
- Palo Alto released fixes for LPE in their Cortex XSOAR
- Microsoft reports that China is likely stockpiling and weaponizing vulnerabilities rather than report them
- In an emerging item TransUnion has experienced a breach, details are coming out very slowly
Research shows that criminals avoid homes that have CCTV and/or yappy dogs. Make sure that your network is being watched and has some yappy dogs running around in them. Send the criminals looking for an easier target.
Praying you have a fantastic week!
Headline NEWS
- Microsoft November 2022 Patch Tuesday fixes 6 exploited zero-days, 68 flaws
- November 2022 Security Update Review
- VMware fixes three critical auth bypass bugs in remote access tool
- Citrix urges admins to patch critical ADC, Gateway auth bypass
- Apple emergency code execution patch released – but not a 0-day
- Microsoft fixes ProxyNotShell Exchange zero-days exploited in attacks
- Lenovo fixes flaws that can be used to disable UEFI Secure Boot
- Paloalto Cortex XSOAR: Local Privilege Escalation (LPE) Vulnerability
- Latest Patch Tuesday mends Spectre V2 vulnerability affecting AMD Ryzen Windows PCs
- OpenSSL Vulnerabilities Threat Brief: CVE-2022-3786, CVE-2022-3602 – good writeup
- China is likely stockpiling and deploying vulnerabilities, says Microsoft
Other News Events of Note and Interest
For a PDF version of this week’s report, click here.