Published threat advisories for November 9, 2022

A vulnerability in Windows Scripting Languages may allow attackers to execute remote code. This impacts various Windows systems, creating risk of system compromise and data exposure. Organizations should apply available updates to mitigate business risk.

NVD published: November 9, 2022 • CISA KEV

A vulnerability in the Windows CNG Key Isolation Service allows a local attacker to gain elevated system privileges. This could impact organizations by enabling unauthorized access to sensitive data and system control. Applying vendor security updates is recommended to mitigate this risk.

NVD published: November 9, 2022 • CISA KEV

This vulnerability in Windows can allow attackers to bypass security features. The risk involves a limited loss of data integrity and availability of security functions. Applying vendor updates is recommended to mitigate this risk.

NVD published: November 9, 2022 • CISA KEV

Microsoft Exchange Server has an elevation of privilege vulnerability. This could allow an attacker to gain unauthorized access to sensitive data and systems. The risk to business operations and data integrity is significant, particularly as this vulnerability has been observed in active campaigns. Organizations should

NVD published: November 9, 2022 • CISA KEV

A vulnerability in the Windows Print Spooler allows an attacker with local access to escalate privileges. This can lead to unauthorized data access and system control, posing a business risk to affected organizations.

NVD published: November 9, 2022 • CISA KEV

A vulnerability exists in Windows that allows attackers to bypass security features. This could affect data integrity and the availability of security protections. The risk to organizations is heightened as this vulnerability is actively exploited.

NVD published: November 9, 2022 • CISA KEV