<html dir="ltr"><head></head><body style="text-align:left; direction:ltr;"><div><span><pre>Are there any network-visible behaviour changes in the October 2022 Patch Tuesday, in particular in:</pre><pre><br></pre><table id="tableOfContents" style="width:65%; margin-top:5"><tbody><tr><td>Active Directory Domain Services</td> <td><a href="https://www.bleepingcomputer.com/microsoft-patch-tuesday-reports/October-2022.html#CVE-2022-38042">CVE-2022-38042</a></td> <td>Active Directory Domain Services Elevation of Privilege Vulnerability</td> <td>Important</td></tr>
<tr><td><br></td><td></td><td></td><td></td></tr>
<tr><td>Windows Active Directory Certificate Services</td> <td><a href="https://www.bleepingcomputer.com/microsoft-patch-tuesday-reports/October-2022.html#CVE-2022-37978">CVE-2022-37978</a></td> <td>Windows Active Directory Certificate Services Security Feature Bypass</td> <td>Important</td></tr>
<tr><td>Windows Active Directory Certificate Services</td> <td><a href="https://www.bleepingcomputer.com/microsoft-patch-tuesday-reports/October-2022.html#CVE-2022-37976">CVE-2022-37976</a></td> <td>Active Directory Certificate Services Elevation of Privilege Vulnerability</td> <td><span class="crit">Critical</span></td></tr>
<tr><td><br></td><td></td><td></td><td></td></tr>
<tr><td><br></td><td></td><td></td><td></td></tr>
<tr><td>Windows Group Policy</td> <td><a href="https://www.bleepingcomputer.com/microsoft-patch-tuesday-reports/October-2022.html#CVE-2022-37975">CVE-2022-37975</a></td> <td>Windows Group Policy Elevation of Privilege Vulnerability</td> <td>Important</td></tr>
<tr><td>Windows Group Policy Preference Client</td> <td><a href="https://www.bleepingcomputer.com/microsoft-patch-tuesday-reports/October-2022.html#CVE-2022-37994">CVE-2022-37994</a></td> <td>Windows Group Policy Preference Client Elevation of Privilege Vulnerability</td> <td>Important</td></tr>
<tr><td>Windows Group Policy Preference Client</td> <td><a href="https://www.bleepingcomputer.com/microsoft-patch-tuesday-reports/October-2022.html#CVE-2022-37993">CVE-2022-37993</a></td> <td>Windows Group Policy Preference Client Elevation of Privilege Vulnerability</td> <td>Important</td></tr>
<tr><td>Windows Group Policy Preference Client</td> <td><a href="https://www.bleepingcomputer.com/microsoft-patch-tuesday-reports/October-2022.html#CVE-2022-37999">CVE-2022-37999</a></td> <td>Windows Group Policy Preference Client Elevation of Privilege Vulnerability</td> <td>Important</td></tr>
<tr><td><br></td><td></td><td></td><td></td></tr>
<tr><td>Windows Local Security Authority (LSA)</td> <td><a href="https://www.bleepingcomputer.com/microsoft-patch-tuesday-reports/October-2022.html#CVE-2022-38016">CVE-2022-38016</a></td> <td>Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability</td> <td>Important</td></tr>
<tr><td>Windows Local Security Authority Subsystem Service (LSASS)</td> <td><a href="https://www.bleepingcomputer.com/microsoft-patch-tuesday-reports/October-2022.html#CVE-2022-37977">CVE-2022-37977</a></td> <td>Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability</td> <td>Important</td></tr>
<tr><td><br></td><td></td><td></td><td></td></tr>
<tr><td><br></td><td></td><td></td><td></td></tr>
<tr><td>Windows NTLM</td> <td><a href="https://www.bleepingcomputer.com/microsoft-patch-tuesday-reports/October-2022.html#CVE-2022-35770">CVE-2022-35770</a></td> <td>Windows NTLM Spoofing Vulnerability</td> <td>Important</td></tr>
<tr><td><br></td><td></td><td></td><td></td></tr>
<tr><td>Windows Secure Channel</td> <td><a href="https://www.bleepingcomputer.com/microsoft-patch-tuesday-reports/October-2022.html#CVE-2022-38041">CVE-2022-38041</a></td> <td>Windows Secure Channel Denial of Service Vulnerability</td> <td>Important</td></tr>
<tr><td>Windows Security Support Provider Interface</td> <td><a href="https://www.bleepingcomputer.com/microsoft-patch-tuesday-reports/October-2022.html#CVE-2022-38043">CVE-2022-38043</a></td> <td>Windows Security Support Provider Interface Information Disclosure Vulnerability</td> <td>Important</td></tr>
<tr><td>Windows Server Remotely Accessible Registry Keys</td> <td><a href="https://www.bleepingcomputer.com/microsoft-patch-tuesday-reports/October-2022.html#CVE-2022-38033">CVE-2022-38033</a></td> <td>Windows Server Remotely Accessible Registry Keys Information Disclosure Vulnerability</td> <td>Important</td></tr>
<tr><td>Windows Server Service</td> <td><a href="https://www.bleepingcomputer.com/microsoft-patch-tuesday-reports/October-2022.html#CVE-2022-38045">CVE-2022-38045</a></td> <td>Server Service Remote Protocol Elevation of Privilege Vulnerability</td> <td>Important</td></tr>
<tr><td><br></td><td></td><td></td><td></td></tr><tr><td></td><td></td><td></td> <td>Important</td></tr>
<tr><td>Windows Workstation Service</td> <td><a href="https://www.bleepingcomputer.com/microsoft-patch-tuesday-reports/October-2022.html#CVE-2022-38034">CVE-2022-38034</a></td> <td>Windows Workstation Service Elevation of Privilege Vulnerability</td> <td><div>Important</div></td></tr></tbody></table><pre><br></pre><pre>Also more broadly, and cheekily open-ended, is there anything else the Samba Team should know about this or other recent security updates?</pre><pre><br></pre><pre>(If the answer is still security-sensitive, then you can CC <a href="mailto:security@samba.org">security@samba.org</a> instead).</pre><pre><br></pre><pre>Thanks,</pre><pre><br></pre><pre>Andrew Bartlett</pre><pre>-- <br></pre><div style="width: 71ch;">Andrew Bartlett (he/him) <a href="https://samba.org/~abartlet/">https://samba.org/~abartlet/</a></div><div style="width: 71ch;">Samba Team Member (since 2001) <a href="https://samba.org">https://samba.org</a></div><div style="width: 71ch;">Samba Team Lead, Catalyst IT <a href="https://catalyst.net.nz/services/samba">https://catalyst.net.nz/services/samba</a></div><div style="width: 71ch;"><br></div><div style="width: 71ch;">Samba Development and Support, Catalyst IT - Expert Open Source</div><div style="width: 71ch;">Solutions</div><div style="width: 71ch;"></div></span></div></body></html>