According to the official changelog, the 63 vulnerabilities fixed this month include:
● 18 privilege escalation vulnerabilities
● 1 security feature bypass vulnerability
● 30 remote code execution vulnerabilities
● 7 information disclosure vulnerabilities
● 7 denial of service vulnerabilities
● 16 Chromium-based Edge vulnerabilities
The above count does not include the 16 vulnerabilities fixed in Microsoft Edge prior to Patch Tuesday. For information on the non-security Windows updates, you can read about today’s Windows 10 KB5017308 and KB5017315 updates and the Windows 11 KB5017328 update.
This month’s Patch Tuesday fixes two publicly disclosed zero-day vulnerabilities, one of which was actively exploited in attacks. Microsoft classifies a vulnerability as a zero-day if it is publicly disclosed or actively exploited without an official fix available.
The actively exploited zero-day patched today is tracked as “CVE-2022-37969 – Windows Common Journaling File System Driver Elevation of Privilege Vulnerability”. “An attacker who successfully exploited this vulnerability could gain system privileges,” Microsoft’s advisory reads.