Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability

CVE-2022-37966

Windows Kerberos Elevation of Privilege Vulnerability

CVE-2022-37967

Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability.

Windows Kerberos Elevation of Privilege Vulnerability.

Windows Scripting Languages Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-41118.

CVE-2022-41128

Windows Scripting Languages Remote Code Execution Vulnerability

Windows Print Spooler Elevation of Privilege Vulnerability.

CVE-2022-41073

VMware Workspace ONE Assist prior to 22.10 contains a Session fixation vulnerability. A malicious actor who obtains a valid session token may be able to authenticate to the application using that token.

Advisory ID: VMSA-2022-0028

CVSSv3 Range: 4.2-9.8

Issue Date: 2022-11-08

Updated On: 2022-11-08 (Initial Advisory)

CVE(s): CVE-2022-31685, CVE-2022-31686, CVE-2022-31687, CVE-2022-31688, CVE-2022-31689

Synopsis: VMware Workspace ONE Assist update addresses multiple vulnerabilities.

****1\. Impacted Products****

*   VMware Workspace ONE Assist (Assist)

****2\. Introduction****

Multiple vulnerabilities in VMware Workspace ONE Assist were privately reported to VMware. Patches are available to remediate these vulnerabilities in affected VMware products. 

****3a. Authentication Bypass vulnerability (CVE-2022-31685)****

VMware Workspace ONE Assist contains an Authentication Bypass vulnerability. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8.

A malicious actor with network access to Workspace ONE Assist may be able to obtain administrative access without the need to authenticate to the application.

Fixes for CVE-2022-31685 are documented in the 'Fixed Version' column of the 'Response Matrix' below.  

VMware would like to thank Jasper Westerman, Jan van der Put, Yanick de Pater and Harm Blankers of REQON B.V. for reporting this issue to us.

****3b. Broken Authentication Method vulnerability (CVE-2022-31686)****

VMware Workspace ONE Assist contains a Broken Authentication Method vulnerability. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8.

A malicious actor with network access may be able to obtain administrative access without the need to authenticate to the application.

Fixes for CVE-2022-31686 are documented in the 'Fixed Version' column of the 'Response Matrix' below.  

VMware would like to thank Jasper Westerman, Jan van der Put, Yanick de Pater and Harm Blankers of REQON B.V. for reporting this issue to us.

****3c. Broken Access Control vulnerability (CVE-2022-31687)****

VMware Workspace ONE Assist contains a Broken Access Control vulnerability. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8.

A malicious actor with network access may be able to obtain administrative access without the need to authenticate to the application.

Fixes for CVE-2022-31687 are documented in the 'Fixed Version' column of the 'Response Matrix' below.  

VMware would like to thank Jasper Westerman, Jan van der Put, Yanick de Pater and Harm Blankers of REQON B.V. for reporting this issue to us.

****3d. Reflected cross-site scripting (XSS) vulnerability (CVE-2022-31688)****

VMware Workspace ONE Assist contains a reflected cross-site scripting (XSS) vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 6.4.

Due to improper user input sanitization, a malicious actor with some user interaction may be able to inject javascript code in the target user's window.

Fixes for CVE-2022-31688 are documented in the 'Fixed Version' column of the 'Response Matrix' below.  

VMware would like to thank Jasper Westerman, Jan van der Put, Yanick de Pater and Harm Blankers of REQON B.V. for reporting this issue to us.

****3e. Session fixation vulnerability (CVE-2022-31689)****

VMware Workspace ONE Assist contains a session fixation vulnerability due to improper handling of session tokens. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 4.2.

A malicious actor who obtains a valid session token may be able to authenticate to the application using that token.

Fixes for CVE-2022-31689 are documented in the 'Fixed Version' column of the 'Response Matrix' below.  

VMware would like to thank Jasper Westerman, Jan van der Put, Yanick de Pater and Harm Blankers of REQON B.V. for reporting this issue to us.

**Response Matrix 3a, 3b, 3c, 3d, 3e:**

Product

Version

Running On

CVE Identifier

CVSSv3

Severity

Fixed Version

Workarounds

Additional Documentation

Assist Server(s)

21.x, 22.x

Windows

CVE-2022-31685, CVE-2022-31686, CVE-2022-31687, CVE-2022-31688, CVE-2022-31689

4.2 - 9.8

critical

22.10

None

KB89993

Assist for macOS

Any

macOS

CVE-2022-31685, CVE-2022-31686, CVE-2022-31687, CVE-2022-31688, CVE-2022-31689

N/A

N/A

Unaffected

N/A

N/A

Assist for Android

Any

Android

CVE-2022-31685, CVE-2022-31686, CVE-2022-31687, CVE-2022-31688, CVE-2022-31689

N/A

N/A

Unaffected

N/A

N/A

Assist for Windows Desktop (Formerly Windows 10 Desktop)

Any

Windows

CVE-2022-31685, CVE-2022-31686, CVE-2022-31687, CVE-2022-31688, CVE-2022-31689

N/A

N/A

Unaffected

N/A

N/A

Assist for Windows Mobile

Any

Windows Mobile

CVE-2022-31685, CVE-2022-31686, CVE-2022-31687, CVE-2022-31688, CVE-2022-31689

N/A

N/A

Unaffected

N/A

N/A

Assist for VMware Horizon - Windows 10 Agent

Any

Windows

CVE-2022-31685, CVE-2022-31686, CVE-2022-31687, CVE-2022-31688, CVE-2022-31689

N/A

N/A

Unaffected

N/A

N/A

Assist for Linux

Any

Linux

CVE-2022-31685, CVE-2022-31686, CVE-2022-31687, CVE-2022-31688, CVE-2022-31689

N/A

N/A

Unaffected

N/A

N/A

****4\. References****

****5\. Change Log****

**2022-11-08: VMSA-2022-0028**  
Initial security advisory.

****6\. Contact****

CVE-2022-31689: VMSA-2022-0028

By Deeba Ahmed
Microsoft has urged Windows Administrators to install the updates urgently so make sure you have the latest patches installed!
This is a post from HackRead.com Read the original post: Microsoft Issues Patches to Fix 6 Active 0-Day Windows Vulnerabilities

It is no surprise that Microsoft’s products are on the hit list of cyber attacks, given the steadily increasing number of **zero-day attacks against them**. It is the second time in two months that the reputed software maker has released patches to fix already exploited zero-days in its scheduled Patch Tuesday update. The company urged Windows Administrators to install the updates urgently.

 The details of these flaws and the subsequent fixes are as follows:

**Microsoft Fixes Crucial Flaws in Patch Tuesday Update**

According to the tech giant, in its monthly security update, Patch Tuesday, the company has released patches for 68 vulnerabilities, including six unique, actively exploited zero-days. These flaws were flagged in the Exploitation Category. This includes two fixes for **Exchange Server security flaws** that a state-sponsored entity exploited for several months.

Twelve flaws were marked Critical, two of which were rated High, whereas fifty-five were rated Important in severity. The company also released patches for weaknesses fixed the previous week by **OpenSSL**.

Microsoft separately fixed another actively exploited vulnerability, **CVE-2022-3723**. It was detected in Chromium-based browsers.

**Zero-Days Details**

Microsoft’s security response team described four new and already exploited zero-days tracked as **CVE-2022-41125**, **CVE-2022-41073**, **CVE-2022-41091**, and **CVE-2022-41128**.

The CVE-2022-41128 was detected by Google TAG’s Benoît Sevens and Clément Lecigne, found in the Jscript9 component. It occurred when the target was lured to visit a malicious website.

The CVE-2022-41091 is a security bypass flaw in Windows MoTW (Mark of the Web), which was recently discovered to be weaponized by the **Magniber ransomware** actor, and users were targeted with fake software updates. A malicious file could help the attacker evade MoTW defenses that lead to loss of integrity and security features like MS Office’s Protected View, **Microsoft’s advisory read**.

**Microsoft Exchange Server Vulnerabilities**

In addition, they also patched two Microsoft Exchange server flaws tracked as **CVE-2022-41040 and CVE-2022-41082**. These exploits were used for privilege escalation, RCE (remote code execution), and feature bypassing.

The first four flaws impacted the Windows CNG Key Isolation Service, the Windows Print Spooler, Windows Mark of the Web Security, and Windows Scripting Languages. The other two flaws that **affected Exchange Server** entailed an RCE, and a privilege escalation bug, which was actually part of an extended exploit chain that Microsoft believes was exploited by a state-sponsored threat actor.

According to Microsoft, due to security issues, at least ten organizations have been targeted. Both flaws are documented as SSRF (server-side request forgery) issues.

**Critical Vulnerabilities Fixed in November**

Other Critical-rated vulnerabilities were privilege escalation flaws discovered in Windows Kerberos RC4-HMAC (**CVE-2022-37966**), Kerberos (**CVE-2022-37967**), and Microsoft Exchange Server (**CVE-2022-41080**). Moreover, a denial-of-service flaw was also fixed that impacted Windows Hyper-V (**CVE-2022-38015**).

1.  **Chinese Hackers Hiding Malware in Windows Logo**
2.  **Hackers Abusing Microsoft Dynamics 365 Customer Voice**
3.  **Microsoft Office Most Exploited Software in Malware Attacks**
4.  **Apple Safari Safest, Google Chrome Riskiest Browser of 2022**
5.  **Scammers Leveraging Microsoft Team GIFs in Phishing Attacks**

Microsoft Issues Patches to Fix 6 Active 0-Day Windows Vulnerabilities

An out-of-bounds write vulnerability exists in the PICT parsing pctwread_14841 functionality of Accusoft ImageGear 20.0. A specially-crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability.

Tag

#windows