Ref# ADV2022_241Microsoft | Date: Oct 13th 2022

---

Microsoft has published a security advisory to address vulnerabilities affecting multiple products on the 11th of October 2022. It is recommended that you take the necessary precautions to ensure your products are always protected. 

• Active Directory Domain Services 

• Azure – Service Fabric Explorer, Stack Edge and StorSimple 8000 Series 

• Azure Arc – enabled Kubernetes cluster versions 1.5.8 to 1.8.11 

• Client Server Run-time Subsystem (CSRSS) –  

• Microsoft Edge (Chromium-based) 

• Microsoft Graphics Component 

• Microsoft Office multiple editions 

• Microsoft Office SharePoint multiple editions 

• Microsoft WDAC OLE DB provider for SQL 

• NuGet Client 

• Remote Access Service Point-to-Point Tunneling Protocol 

• Role: Windows Hyper-V 

• Service Fabric 

• Visual Studio Code versions 16.9 to 17.3 

• Windows Active Directory Certificate Services 

• Windows ALPC 

• Windows CD-ROM Driver 

• Windows COM+ Event System Service 

• Windows Connected User Experiences and Telemetry 

• Windows CryptoAPI 

• Windows Defender 

• Windows DHCP Client 

• Windows Distributed File System (DFS) 

• Windows DWM Core Library 

• Windows Event Logging Service 

• Windows Group Policy 

• Windows Group Policy Preference Client 

• Windows Internet Key Exchange (IKE) Protocol 

• Windows Kernel 

• Windows Local Security Authority (LSA) 

• Windows Local Security Authority Subsystem Service (LSASS) 

• Windows Local Session Manager (LSM) 

• Windows NTFS 

• Windows NTLM 

• Windows ODBC Driver 

• Windows Perception Simulation Service 

• Windows Point-to-Point Tunneling Protocol 

• Windows Portable Device Enumerator Service 

• Windows Print Spooler Components 

• Windows Resilient File System (ReFS) 

• Windows Secure Channel 

• Windows Security Support Provider Interface 

• Windows Server Remotely Accessible Registry Keys 

• Windows Server Service 

• Windows Storage 

• Windows TCP/IP 

• Windows USB Serial Driver 

• Windows Web Account Manager 

• Windows Win32K 

• Windows WLAN Service 

• Windows Workstation Service 

For more information on this update, you can follow this URL: 

https://msrc.microsoft.com/update-guide/deploymentst 

The Guyana National CIRT recommends that users and administrators review this update and apply it where necessary. 

PDF Download: Microsoft Security Advisory.pdf

References 

• Microsoft Releases October 2022 Security Updates. (11th of October 2022). Reviewed from CISA:  
  https://www.cisa.gov/uscert/ncas/current-activity/2022/10/11/microsoft-releases-october-2022-security-updates 

• Security Update Guide. (11th of October 2022). Reviewed from Microsoft:
  https://msrc.microsoft.com/update-guide/deployments 

• October 2022 Security Updates. (11th of October 2022). Reviewed from Microsoft: 
  https://msrc.microsoft.com/update-guide/releaseNote/2022-Oct