[cifs-protocol] October 2022 Patch Tuesday: Network visible behaviours

Andrew Bartlett abartlet at samba.org
Tue Oct 11 18:26:20 UTC 2022 

Are there any network-visible behaviour changes in the October 2022 Patch Tuesday, in particular in:

Active Directory Domain Services    CVE-2022-38042    Active Directory Domain Services Elevation of Privilege Vulnerability    Important
Windows Active Directory Certificate Services    CVE-2022-37978    Windows Active Directory Certificate Services Security Feature Bypass    ImportantWindows Active Directory Certificate Services    CVE-2022-37976    Active Directory Certificate Services Elevation of Privilege Vulnerability    Critical

Windows Group Policy    CVE-2022-37975    Windows Group Policy Elevation of Privilege Vulnerability    ImportantWindows Group Policy Preference Client    CVE-2022-37994    Windows Group Policy Preference Client Elevation of Privilege Vulnerability    ImportantWindows Group Policy Preference Client    CVE-2022-37993    Windows Group Policy Preference Client Elevation of Privilege Vulnerability    ImportantWindows Group Policy Preference Client    CVE-2022-37999    Windows Group Policy Preference Client Elevation of Privilege Vulnerability    Important
Windows Local Security Authority (LSA)    CVE-2022-38016    Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability    ImportantWindows Local Security Authority Subsystem Service (LSASS)    CVE-2022-37977    Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability    Important

Windows NTLM    CVE-2022-35770    Windows NTLM Spoofing Vulnerability    Important
Windows Secure Channel    CVE-2022-38041    Windows Secure Channel Denial of Service Vulnerability    ImportantWindows Security Support Provider Interface    CVE-2022-38043    Windows Security Support Provider Interface Information Disclosure Vulnerability    ImportantWindows Server Remotely Accessible Registry Keys    CVE-2022-38033    Windows Server Remotely Accessible Registry Keys Information Disclosure Vulnerability    ImportantWindows Server Service    CVE-2022-38045    Server Service Remote Protocol Elevation of Privilege Vulnerability    Important
    ImportantWindows Workstation Service    CVE-2022-38034    Windows Workstation Service Elevation of Privilege Vulnerability    Important

Also more broadly, and cheekily open-ended, is there anything else the Samba Team should know about this or other recent security updates?

(If the answer is still security-sensitive, then you can CC security at samba.org instead).

Thanks,

Andrew Bartlett
-- 
Andrew Bartlett (he/him)       https://samba.org/~abartlet/
Samba Team Member (since 2001) https://samba.org
Samba Team Lead, Catalyst IT   https://catalyst.net.nz/services/samba

Samba Development and Support, Catalyst IT - Expert Open Source
Solutions
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.samba.org/pipermail/cifs-protocol/attachments/20221012/87095007/attachment.htm>

More information about the cifs-protocol mailing list