[cifs-protocol] October 2022 Patch Tuesday: Network visible behaviours
Andrew Bartlett
abartlet at samba.org
Tue Oct 11 18:26:20 UTC 2022
Are there any network-visible behaviour changes in the October 2022 Patch Tuesday, in particular in:
Active Directory Domain Services CVE-2022-38042 Active Directory Domain Services Elevation of Privilege Vulnerability Important
Windows Active Directory Certificate Services CVE-2022-37978 Windows Active Directory Certificate Services Security Feature Bypass ImportantWindows Active Directory Certificate Services CVE-2022-37976 Active Directory Certificate Services Elevation of Privilege Vulnerability Critical
Windows Group Policy CVE-2022-37975 Windows Group Policy Elevation of Privilege Vulnerability ImportantWindows Group Policy Preference Client CVE-2022-37994 Windows Group Policy Preference Client Elevation of Privilege Vulnerability ImportantWindows Group Policy Preference Client CVE-2022-37993 Windows Group Policy Preference Client Elevation of Privilege Vulnerability ImportantWindows Group Policy Preference Client CVE-2022-37999 Windows Group Policy Preference Client Elevation of Privilege Vulnerability Important
Windows Local Security Authority (LSA) CVE-2022-38016 Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability ImportantWindows Local Security Authority Subsystem Service (LSASS) CVE-2022-37977 Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability Important
Windows NTLM CVE-2022-35770 Windows NTLM Spoofing Vulnerability Important
Windows Secure Channel CVE-2022-38041 Windows Secure Channel Denial of Service Vulnerability ImportantWindows Security Support Provider Interface CVE-2022-38043 Windows Security Support Provider Interface Information Disclosure Vulnerability ImportantWindows Server Remotely Accessible Registry Keys CVE-2022-38033 Windows Server Remotely Accessible Registry Keys Information Disclosure Vulnerability ImportantWindows Server Service CVE-2022-38045 Server Service Remote Protocol Elevation of Privilege Vulnerability Important
ImportantWindows Workstation Service CVE-2022-38034 Windows Workstation Service Elevation of Privilege Vulnerability Important
Also more broadly, and cheekily open-ended, is there anything else the Samba Team should know about this or other recent security updates?
(If the answer is still security-sensitive, then you can CC security at samba.org instead).
Thanks,
Andrew Bartlett
--
Andrew Bartlett (he/him) https://samba.org/~abartlet/
Samba Team Member (since 2001) https://samba.org
Samba Team Lead, Catalyst IT https://catalyst.net.nz/services/samba
Samba Development and Support, Catalyst IT - Expert Open Source
Solutions
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.samba.org/pipermail/cifs-protocol/attachments/20221012/87095007/attachment.htm>
More information about the cifs-protocol
mailing list