Microsoft released its monthly security update Tuesday, disclosing 51 vulnerabilities across its large collection of hardware and software.
With zero critical vulnerabilities announced.
Nothing has been exploited in the wild as of yet and MS hasn’t released any to the public so far.
Plus 4 other vulnerabilities that could allow attackers to escalate their privileges:
- CVE-2022-21989 — Windows Kernel
- CVE-2022-21994 — Windows DWM Core Library
- CVE-2022-21996 — Win32k
- CVE-2022-22715 — Named Pipe File
the most notable of these in severity CVE-2022-22005 is a remote code execution vulnerability in SharePoint that received a severity score of 8.8 out of 10. An adversary would need to be authenticated and possess correct permissions for page creation to exploit this vulnerability.