Microsoft’s Patch Tuesday update for the month of October has addressed a total of 85 security vulnerabilities, including fixes for an actively exploited zero-day flaw in the wild.
Of the 85 bugs, 15 are rated Critical, 69 are rated Important, and one is rated Moderate in severity. The update, however, does not include mitigations for the actively exploited ProxyNotShell flaws in Exchange Server.
The patches come alongside updates to resolve 12 other flaws in the Chromium-based Edge browser that have been released since the beginning of the month.
Topping the list of this month’s patches is CVE-2022-41033 (CVSS score: 7.8), a privilege escalation vulnerability in Windows COM+ Event System Service. An anonymous researcher has been credited with reporting the issue.
“An attacker who successfully exploited this vulnerability could gain SYSTEM privileges,” the company said in an advisory, cautioning that the shortcoming is being actively weaponized in real-world attacks.
images from Hacker News