On Tuesday, October 10th, Microsoft released an update that fixed 84 security flaws, warning that attackers are launching zero-day attacks.
What is it exactly?
CVE-2022-41033 is an elevation of privilege (EoP) vulnerability in the Windows COM+ Event System Service, which automatically distributes events to Component Object Model (COM) components. NIST scored it 7.8.
13 of the 84 vulnerabilities carry the highest “critical” severity rating, 71 as important and 1 as moderate. The number of bugs in each vulnerability category is listed below:
39 Elevation of Privilege Vulnerabilities
2 Security Feature Bypass Vulnerabilities
20 Remote Code Execution Vulnerabilities
11 Information Disclosure Vulnerabilities
8 Denial of Service Vulnerabilities
4 Spoofing Vulnerabilities
By updating CVEs regularly, CloudWize users are alerted to relevant critical vulnerabilities immediately and can easily remediate them.
We recommend updating your Microsoft software.
Watch in CloudWize platform: