Top 5 Zero-day Vulnerabilities of November

  1. CVE-2022-42827

Severity – High

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, iOS 16.1 and iPadOS 16. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.

More details: https://vi.strobes.co/cve/CVE-2022-42827

Zeroday references:

  1. https://www.zero-day.cz/database/726

Patch references:

  1. https://www.cybersecurity-help.cz/vdb/SB2022102435
  2. https://support.apple.com/en-us/HT213490
  3. https://support.apple.com/en-us/HT213489

  2. CVE-2022-4262

Severity – Low

Type confusion in V8 in Google Chrome prior to 108.0.5359.94 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

More details: https://vi.strobes.co/cve/CVE-2022-4262

Zeroday references:

  1. https://www.zero-day.cz/database/736

Patch references:

  1. https://chromereleases.googleblog.com/2022/12/stable-channel-update-for-desktop.html
  2. https://www.cybersecurity-help.cz/vdb/SB2022120301

  3. CVE-2022-42458

Severity – Low

More details: https://vi.strobes.co/cve/CVE-2022-42458

Zeroday references: 

  1. https://www.zero-day.cz/database/724

Patch references:

  1. https://www.cybersecurity-help.cz/vdb/SB2022101101

  4. CVE-2022-4135

Severity – Critical

Heap buffer overflow in GPU in Google Chrome prior to 107.0.5304.121 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

More details: https://vi.strobes.co/cve/CVE-2022-4135

Zeroday references:

  1. https://www.zero-day.cz/database/735

Patch references:

  1. https://www.cybersecurity-help.cz/vdb/SB2022112504
  2. https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_24.html
  3. https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security

  5. CVE-2022-41128

Severity – High

Windows Scripting Languages Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-41118.

More details: https://vi.strobes.co/cve/CVE-2022-41128

Zeroday references:

  1. https://www.zero-day.cz/database/729

Patch references:

  1. https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020023
  2. https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020009
  3. https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020003
  4. https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019958
  5. https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020000
  6. https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020013
  7. https://support.microsoft.com/help/5020023
  8. https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020010
  9. https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019964
  10. https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019970
  11. https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959
  12. https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019980
  13. https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019961
  14. https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019081
  15. https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019966
  16. https://www.cybersecurity-help.cz/vdb/SB2022110809
  17. https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41128

Zero-Day Attack Prevention:

Because these exploits are unpredictable, zero-day protection is necessary. Here are some suggestions on how to safeguard your software and vulnerable programmes from zero-day attacks.

  • Once security patches are available, update all programmes and software.
  • Use web application software to secure the website; with it, you can detect attacks precisely.
  • Install an internet security package. It often comprises default-deny protection, heuristic file analysis, smart anti-virus, and sandboxing techniques.
  • Operate on sites that are secured with Secure Sockets Layer (SSL).
  • Go for multi-layer protection with web application firewalls.
  • Protect the content of individual transmissions with the help of Virtual LANs.

Stay ahead of threats using Strobes:

Strobes will help you correlate data between vulnerability scans and vulnerability intelligence, keeping you updated whenever there is a zero-day in the wild.
