Microsoft Patch Tuesday November 2022: Exchange ProxyNotShell RCE, JScript9, MoTW, OpenSSL, Edge, CNG, Print Spooler

Hello everyone! This episode will be about Microsoft Patch Tuesday for November 2022, including vulnerabilities that were added between October and November Patch Tuesdays. As usual, I use my open source Vulristics project to create the report. 00:15 Remote Code Execution – Microsoft Exchange (CVE-2022-41040, CVE-2022-41082) ProxyNotShell patches 01:12 Remote Code Execution – Windows Scripting Languages (CVE-2022-41128) 02:13 Security Feature Bypass - Windows Mark of the Web (CVE-2022-41049, CVE-2022-41091) 03:33 Remote Code Execution - OpenSSL (CVE-2022-3602) 04:09 Memory Corruption - Microsoft Edge (CVE-2022-3723) 04:32 Elevation of Privilege - Windows CNG Key Isolation Service (CVE-2022-41125) 05:05 Elevation of Privilege - Windows Print Spooler (CVE-2022-41073) 05:39 Elevation of Privilege - Kerberos (CVE-2022-37966) 06:55 Elevation of Privilege - Microsoft Exchange (CVE-2022-41080) 07:12 Elevation of Privilege - Netlogon RPC (CVE-2022-38023) Blogpost: #PatchTuesday #Microsoft #ProxyNotShell