11 out of 68 vulnerabilities corrected in the latest update, they received critical status, as they allow the hacker to increase privileges, carry out spuffing or perform arbitrary code.
Below is the number of vulnerabilities in different categories:
27 vulnerabilities of increasing privileges;
4 vulnerabilities of bypassing security functions;
16 vulnerabilities of remote code execution;
11 vulnerabilities of information disclosure;
6 vulnerabilities of refusal to maintain;
3 of the vulnerability of Spuls.
And this is without taking into account two vulnerabilities in Opensl, disclosed on November 2, 2022.
6 zero -day vulnerabilities were eliminated actively used in real attacks:
cve-2022-41128 -the possibility of removal execution of code in Windows script languages;
cve-2022-41091 -bypassing the protective functionality of Windows Mark Of the Web;
CVE-2022-41073 -the possibility of increasing privileges in a sprayer Printing Microsoft Windows;
cve-2022-41125 -increased rights in the insulation service keys CNG Windows;
CVE-2022-41040 -increased rights in Microsoft Exchange Server;
cve-2022-41082 -the possibility of remote code in Microsoft Exchange Server.
If you want to get acquainted with a full list of vulnerabilities and their detailed description, feel free to look at site Bleepingcomputer .