Patch Tuesday November 2022: patches to install urgently


With its latest Patch Tuesday of November 8, 2022, Microsoft fixes numerous security flaws and bugs in Windows and its other software. Install these patches without delay to have a functional and protected PC.

If you use Microsoft software, including Windows, Office, Skype, Teams or Edge, it is in your best interest to install the updates the publisher offers without waiting. This applies in particular to Patch Tuesday, the famous set of patches that the publisher traditionally releases on the second Tuesday of each month, not only to fix bugs but also, and above all, to close recently identified security vulnerabilities that are often already being exploited by hackers. This is the case with the latest Patch Tuesday, released on November 8, 2022, which fixes 68 vulnerabilities as well as 6 zero-day flaws actively exploited by hackers.

Patch Tuesday: a set of patches to install without delay

The motto is simple and clear: do not wait to perform these security updates! In a copious 114-page report (the Microsoft Digital Defense Report 2022, freely downloadable, but unfortunately only in English) published on its Microsoft Security site, Microsoft paints an alarming picture of the rise of cyberattacks. Above all, the publisher points out that hackers, private or state-backed, rush to exploit newly discovered flaws even before users install the appropriate patches, taking advantage of their slowness to react, and it stresses that the time between the announcement of a vulnerability and its exploitation is shrinking. The publisher thus considers that a flaw "in the wild" remains exploitable an average of 14 days after being made public, which gives hackers plenty of time to take advantage of it. It also emphasizes that certain states, such as China, have become "particularly competent" at finding and exploiting these famous so-called zero-day vulnerabilities… In short, since hackers have a good head start, it is essential to install patches as soon as they are available.


What are the vulnerabilities corrected by Patch Tuesday?

Of the 68 vulnerabilities corrected by the November 2022 Patch Tuesday, 11 are considered critical because they pose various serious risks (elevation of privileges, remote code execution, denial of service, etc.). All these flaws are referenced and documented in detail by Microsoft under standardized names: CVE-2022-39327, CVE-2022-41040, CVE-2022-41080, CVE-2022-38015, CVE-2022-37967, CVE-2022-37966, CVE-2022-41044, CVE-2022-41039, CVE-2022-41088, CVE-2022-41118 and CVE-2022-41128. Reading Microsoft's advisories is not easy. The main point to note is that these vulnerabilities concern Windows 7, Windows Server 2008 and 2011, Windows 8.1, Windows 10 and Windows 11, including version 22H2, but also other Microsoft products such as Office, Excel, Word, Visual Studio, BitLocker or even the Linux kernel used by WSL2, which notably runs Android applications in Windows 11. In short, there are many holes that should be plugged as soon as possible!

As impressive as it is, this number of flaws is not a record. In April 2022, Microsoft had fixed 128 of them with its Patch Tuesday. And in June it was 55, including the famous Follina vulnerability. Officially referenced under the name CVE-2022-30190, it made it possible to infect a PC via a corrupted Word document that retrieved an HTML file containing malicious code, which was then executed by a PowerShell command line via the Windows support diagnostic tool. A clever process, all the more dangerous as disabling macros was not enough to guard against an attack. The flaw, which had already been exploited by hackers to target American and European government agencies, had thus been used to spread spyware, banking Trojans (to steal information) and malware capable of deleting data. Suffice it to say that the matter was serious…

This is proof that, despite all its efforts, Microsoft still leaves flaws in its software. But, contrary to what the rumor mill suggests, Apple is in the same boat: it also regularly publishes security updates for macOS and iOS, sometimes at a high rate…

In addition, note that Microsoft is taking advantage of the November Patch Tuesday to simultaneously release various functional updates for its systems, in particular for Windows 10 and Windows 11. These releases bring discreet but real improvements. Thus, in some cases, we can finally access the Windows 11 Task Manager by right-clicking in the taskbar. The function returned a few days ago, in a Windows 11 22H2 update, but not for everybody! In other cases, PCs that were mysteriously denied the upgrade to Windows 11 22H2, despite being officially compatible, are now offered the option. Microsoft's ways are unfathomable…

How to download Microsoft’s Patch Tuesday?

Patch Tuesday, the set of patches Microsoft prepares for all of its software and not just Windows, is released on the second Tuesday of each month (see our how-to sheet for all about Windows updates, builds, and KB fixes). To take advantage of it, just go through Windows Update by opening the Windows settings. Two scenarios then arise: either the updates are in automatic mode (the default option) and you just have to wait for them to be downloaded, then install them by restarting the PC; or they are in manual mode, and you have to click on the Check for updates button to force their download before restarting the computer. In general, it is better to get into the habit of systematically checking the availability of updates and patches at least once a month, on the second Wednesday for example, just after the release of Patch Tuesday.
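The monthly check described above can be scripted. The following PowerShell is an added example, not part of the original article or Microsoft's own tooling: it computes the most recent Patch Tuesday (second Tuesday of the month) and reports whether any Windows update has been installed since then. The function names are hypothetical, and the result is a heuristic based on `Get-HotFix`.

```powershell
# Added example: flag a PC that has installed no Windows update
# since the most recent Patch Tuesday. Function names are hypothetical.

function Get-PatchTuesday {
    # Second Tuesday of the month that contains $Date.
    param([datetime]$Date = (Get-Date))
    $first = [datetime]::new($Date.Year, $Date.Month, 1)
    # Days from the 1st to the first Tuesday (0..6), plus one more week.
    $offset = (([int][DayOfWeek]::Tuesday - [int]$first.DayOfWeek) + 7) % 7
    $first.AddDays($offset + 7)
}

function Get-LatestPatchTuesday {
    # Most recent Patch Tuesday that is not in the future relative to $Now.
    param([datetime]$Now = (Get-Date))
    $pt = Get-PatchTuesday -Date $Now
    if ($pt -gt $Now.Date) { $pt = Get-PatchTuesday -Date $Now.AddMonths(-1) }
    $pt
}

function Test-PatchTuesdayInstalled {
    param([datetime]$Now = (Get-Date))
    $patchTuesday = Get-LatestPatchTuesday -Now $Now
    # InstalledOn is empty on some entries, so drop those before sorting.
    $latest = Get-HotFix |
        Where-Object { $_.InstalledOn } |
        Sort-Object InstalledOn -Descending |
        Select-Object -First 1
    [pscustomobject]@{
        LatestPatchTuesday = $patchTuesday
        NewestHotFix       = $latest.HotFixID
        InstalledOn        = $latest.InstalledOn
        DaysSinceRelease   = ($Now.Date - $patchTuesday).Days
        # Heuristic: at least one update installed on or after release day.
        UpToDate           = [bool]($latest -and $latest.InstalledOn -ge $patchTuesday)
    }
}

# Sanity check with the date from the article (November 2022).
Get-PatchTuesday -Date ([datetime]'2022-11-20')

# Report for the local machine.
Test-PatchTuesdayInstalled
```

`Get-HotFix` only lists updates recorded by Windows itself, so Office and other Microsoft products still have to be checked through Windows Update. A large `DaysSinceRelease` combined with `UpToDate = False` is the case to act on.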
