Like every month, Microsoft has just released its new security patches, a series of updates for Windows that are responsible for solving all the security flaws detected in the operating system in the last month. If we want to avoid ending up in the clutches of hackers, we must update our computer right now, since, in addition, several critical and zero-day bugs are fixed this month, which can be a danger.
In total, the new security patches from Microsoft for November 2022 fix 68 vulnerabilities, of which, a total of 11 security flaws have been considered as critical, and the rest have received a severity level of “important”. In total, these 68 security flaws have been classified into the following groups:
- 27 privilege escalation vulnerabilities.
- 16 remote code execution security flaws
- 11 bugs of the “Information Disclosure” type.
- 6 denial of service vulnerabilities.
- 4 security flaws of the “Security Feature Bypass” type.
- 3 “Spoofing” failures.
The most important thing about these 68 security flaws is that a total of 11 vulnerabilities are being actively exploited by hackers. In other words, if we don’t update our computer, we can fall victim to them at any time. These zero-day bugs are as follows:
- CVE-2022-41128: Bug in Windows Scripting Languages that allows remote code execution.
- CVE-2022-41091: vulnerability in Windows Mark of the Web that allows to circumvent security measures.
- CVE-2022-41073: Bug in Windows Print Spooler that allows you to gain privileges on the PC.
- CVE-2022-41125: Error in Windows CNG Key Isolation Service that allows gaining privileges on the PC.
- CVE-2022-41040: security flaw in Microsoft Exchange Server that allows gaining privileges on the PC.
- CVE-2022-41082: Remote Code Execution Vulnerability in Microsoft Exchange Server.
In addition to these security flaws in Windows, Microsoft has also fixed bugs and security flaws in other company products, such as the .NET Framework, Azure, Microsoft Dynamics, Microsoft Office, SysInternals, and Visual Studio, among others. In this way, when updating the PC we will also receive the new versions of the associated Microsoft products that we have installed on the computer.
Install the new Windows updates
These new updates are already reaching all users who use any supported version of Windows 10, or Windows 11. To install them, we just have to open the Configuration menu of our operating system, go to the Windows Update section, and search, and install the new security patches on the PC.
If we do not want to do this process by hand, we must also take into account that, if we have not changed any update settings, these new patches should be downloaded and installed automatically without the need to do anything. Even if we need it, we can also download and install them by hand from the Microsoft support page:
In addition to Windows 10 and Windows 11, users using Windows 7 (paid additional support version) and Windows 8.1, as well as Windows Server editions, from 2008 to 2019, also receive their share of updates. received your updates.
It is important to remember that the serious vulnerabilities of OpenSSL, released on November 2, have not been fixed in these security patches. Therefore, we must take extreme precautions when using secure connections from Windows, and wait for the next December patches for Microsoft to correct these new vulnerabilities.
