MICROSOFT PATCH TUESDAY February 2022
48 vulnerabilities rated as important:
- 16 Remote Code Execution vulnerabilities
- 15 Elevation of Privilege vulnerabilities
- 6 Information Disclosure vulnerabilities
- 5 Denial of Service vulnerabilities
- 3 Spoofing vulnerabilities
- 3 Security Feature Bypass vulnerabilities
Risks
This month’s Patch Tuesday includes 48 important vulnerabilities for a wide range of Microsoft products, impacting Microsoft Server and Workstations.
Currently, none of this month’s list of vulnerabilities is known to be exploited in the wild.
Description
Microsoft has released multiple patches for vulnerabilities covering a range of their products. These monthly releases are called “Patch Tuesday”, and contain security fixes for Microsoft devices and software.
This month’s release covers 48 vulnerabilities. Although all vulnerabilities are marked as important, some are more likely to be exploited in the near future and urgent patching is advised.
Highlighted Vulnerabilities
Windows Kernel Elevation of Privilege Vulnerability (CVE-2022-21989)
CVE-2022-21989 is an EoP vulnerability in the Windows Kernel with a CVSSv3 score of 7.8. This was the only publicly disclosed CVE prior to Patch Tuesday. Microsoft rates this as “exploitation more likely”; however, at this time no public proof-of-concept appears to exist. In order to exploit this vulnerability, an attacker would need to be authenticated.
Microsoft SharePoint Server Remote Code Execution Vulnerability (CVE-2022-22005)
CVE-2022-22005 is an RCE vulnerability in Microsoft SharePoint Server with a CVSSv3 score of 8.8. Microsoft rates this as “exploitation more likely”; however, at this time no public proof-of-concept appears to exist. In order to exploit this vulnerability, an attacker would need to be authenticated.
Windows Hyper-V Remote Code Execution Vulnerability (CVE-2022-21995)
CVE-2022-21995 is an RCE vulnerability in Microsoft Windows Hyper-V with a CVSSv3 score of 7.9. Microsoft rates this as “Exploitation Less Likely”, and at this time no public proof-of-concept appears to exist. In order to exploit this vulnerability, an attacker requires prior actions from the user.
Recommended actions
The CCB recommends installing updates for vulnerable devices with the highest priority, after thorough testing.