{"id":49226,"date":"2022-11-09T13:32:04","date_gmt":"2022-11-09T13:32:04","guid":{"rendered":"https:\/\/packetstormsecurity.com\/news\/view\/34021\/Microsoft-Squashes-6-Security-Bugs-Already-Exploited-In-The-Wild.html"},"modified":"2022-11-09T13:32:04","modified_gmt":"2022-11-09T13:32:04","slug":"microsoft-squashes-6-security-bugs-already-exploited-in-the-wild","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/microsoft-squashes-6-security-bugs-already-exploited-in-the-wild\/","title":{"rendered":"Microsoft Squashes 6 Security Bugs Already Exploited In The Wild"},"content":{"rendered":"<p><span class=\"label\">Patch Tuesday<\/span> November&#8217;s Patch Tuesday also falls on election day in the US, so let&#8217;s hope that democracy fares better than Microsoft, which reported six of today&#8217;s bugs are already being exploited in the wild by miscreants.<\/p>\n<p>Another 22 vulnerabilities in the Windows giant&#8217;s products have been labeled &#8220;more likely to be exploited&#8221; than not. Also, shockingly, Adobe skipped the monthly patch party. &#8220;Heads-up that Adobe does not have regularly scheduled updates planned for today,&#8221; a spokesperson told <em>The Register<\/em>.<\/p>\n<p>Back to Microsoft: Redmond rated 11 vulnerabilities in its code as critical CVE-listed holes with the rest deemed important. It also appears to have <a target=\"_blank\" href=\"https:\/\/www.theregister.com\/2022\/10\/04\/atlassian_microsoft_cisa_flaws\/\" rel=\"noopener\">finally fixed<\/a> (fingers crossed) the two Exchange Server bugs dubbed ProxyNotShell that have been exploited as far back as August.&nbsp;<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"condor\" data-xsm=\",fluid,mpu,\" data-sm=\",fluid,mpu,\" data-md=\",fluid,mpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/patches&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2Y2wWPOBk06DsJs6rFTJzxwAAAEo&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/patches&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2Y2wWPOBk06DsJs6rFTJzxwAAAEo&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<p>Let&#8217;s start with the two <a href=\"https:\/\/www.theregister.com\/2022\/10\/11\/october_patch_tuesday\/\">long-awaited<\/a> Exchange fixes. <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2022-41082\" rel=\"nofollow\">CVE-2022-41028<\/a> is a remote code execution (RCE) vulnerability and <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2022-41040\" rel=\"nofollow\">CVE-2022-41040<\/a> is a server-side request forgery bug. Both can be exploited together to run PowerShell commands on a vulnerable system and take control of it.<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"falcon\" data-xmd=\",fluid,mpu,leaderboard,\" data-lg=\",fluid,mpu,leaderboard,\" data-xlg=\",fluid,billboard,superleaderboard,mpu,leaderboard,\" data-xxlg=\",fluid,billboard,superleaderboard,brandwidth,brandimpact,leaderboard,mpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/patches&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44Y2wWPOBk06DsJs6rFTJzxwAAAEo&amp;t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/patches&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44Y2wWPOBk06DsJs6rFTJzxwAAAEo&amp;t=ct%3Dns%26unitnum%3D426raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<div class=\"adun_eagle_desktop_story_wrapper\">\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"mid\" data-raptor=\"eagle\" data-xxlg=\",mpu,dmpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/patches&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33Y2wWPOBk06DsJs6rFTJzxwAAAEo&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/patches&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33Y2wWPOBk06DsJs6rFTJzxwAAAEo&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<\/p><\/div>\n<p>Since late September, Redmond has issued <a href=\"https:\/\/msrc-blog.microsoft.com\/2022\/09\/29\/customer-guidance-for-reported-zero-day-vulnerabilities-in-microsoft-exchange-server\/\" rel=\"nofollow\">several mitigation updates<\/a>, though all of these temporary fixes have been bypassed by security researchers. Let&#8217;s hope the November plugs do the trick.<\/p>\n<p><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2022-41128\" rel=\"nofollow\">CVE-2022-41128<\/a>, another RCE bug in the JScript9 scripting language engine, has also been exploited by miscreants, according to Microsoft, so we&#8217;d suggest patching this one next.&nbsp;<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"falcon\" data-xsm=\",fluid,mpu,\" data-sm=\",fluid,mpu,\" data-md=\",fluid,mpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/patches&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44Y2wWPOBk06DsJs6rFTJzxwAAAEo&amp;t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/patches&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44Y2wWPOBk06DsJs6rFTJzxwAAAEo&amp;t=ct%3Dns%26unitnum%3D426raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<p>To exploit it, an attacker would need to trick a user running an unpatched version of Windows into visiting a specially crafted server share or website, probably using a phishing link or download. At that point, the attacker can run arbitrary code on the affected system with the user&#8217;s level of privileges.<\/p>\n<p>&#8220;Microsoft provides no insight into how widespread this may be but considering it&#8217;s a browse-and-own type of scenario, I expect this will be a popular bug to include in exploit kits,&#8221; Zero Day Initiative&#8217;s Dustin Childs <a href=\"https:\/\/www.zerodayinitiative.com\/blog\/2022\/11\/8\/the-november-2022-security-update-review\" rel=\"nofollow\">noted<\/a>.<\/p>\n<p>Another now-patched bug listed under active exploit, <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2022-41091\" rel=\"nofollow\">CVE-2022-41091<\/a>, is a Windows Mark of the Web (MotW) bypass vulnerability. This fix seems to address at least one of the MotW flaws we&#8217;ve <a target=\"_blank\" href=\"https:\/\/www.theregister.com\/2022\/11\/01\/microsoft_motw_malware_flaw\/\" rel=\"noopener\">previously highlighted<\/a>, which have been abused in the wild.<\/p>\n<div aria-hidden=\"true\" class=\"adun\" id=\"story_eagle_xsm_sm_md_xmd_lg_xlg\" data-pos=\"mid\" data-raptor=\"eagle\" data-xsm=\",mpu,dmpu,\" data-sm=\",mpu,dmpu,\" data-md=\",mpu,dmpu,\" data-xmd=\",mpu,dmpu,\" data-lg=\",mpu,dmpu,\" data-xlg=\",mpu,dmpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/patches&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33Y2wWPOBk06DsJs6rFTJzxwAAAEo&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/patches&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33Y2wWPOBk06DsJs6rFTJzxwAAAEo&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<p><a href=\"https:\/\/learn.microsoft.com\/en-us\/deployoffice\/security\/internet-macros-blocked#additional-information-about-mark-of-the-web\" rel=\"nofollow\">MotW<\/a> is supposed to identify a file as being sourced from the internet, so when a user opens it, extra security defenses trigger, such as a warning to the user.<\/p>\n<p>But there are ways around it, allowing malicious stuff that should be caught by Microsoft&#8217;s defenses to carry on as if it&#8217;s all above board. Indeed, exploiting CVE-2022-41091 involves tricking a victim into opening &#8220;a malicious file that would evade Mark of the Web defenses, resulting in a limited loss of integrity and availability of security features such as Protected View in Microsoft Office, which rely on MotW tagging,&#8221; Redmond explained.<\/p>\n<p>Vulnerability guru <a href=\"https:\/\/twitter.com\/wdormann\" rel=\"nofollow\">Will Dormann<\/a> has been tweeting about this type of flaw since July, and today went into <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/twitter.com\/wdormann\/status\/1590044005395357697\">more detail<\/a> about this particular vulnerability and how it could be abused. Ted teamer Kuba Gretzky also published an <a href=\"https:\/\/breakdev.org\/zip-motw-bug-analysis\/\" rel=\"nofollow\">in-depth analysis<\/a> of the bug; it&#8217;s a good idea to patch ASAP.<\/p>\n<p>Finally, <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2022-41073\" rel=\"nofollow\">CVE-2022-41073<\/a>, a Windows print spooler elevation of privilege bug, and <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2022-41125\" rel=\"nofollow\">CVE-2022-41125<\/a>, a Windows CNG key isolation service elevation of privilege vulnerability, round out the last of the Microsoft flaws being exploited in the wild.&nbsp;<\/p>\n<p>If the print spooler bug sounds familiar, it should \u2014 remember <a href=\"https:\/\/www.theregister.com\/2021\/07\/07\/printnightmare_fix_fail\/\">PrintNightmare<\/a>?<\/p>\n<p>&#8220;The print spooler has been a popular target for vulnerabilities in the last 12 months, with this marking the ninth patch,&#8221; Kev Bream, Immersive Labs&#8217; director of cyber threat research told <em>The Register<\/em>. Successful exploit of CVE-2022-41125 could give an attacker SYSTEM privileges.<\/p>\n<p>&#8220;These kinds of privilege escalation vulnerabilities are almost always seen as a follow up to an initial compromise where threat actors will next seek to gain SYSTEM or Domain level access,&#8221; Bream added. &#8220;This higher level of access is required to disable or tamper with security monitoring tools before running credential attacks with tools like mimikatz that can allow attackers to move laterally across a network.&#8221;&nbsp;<\/p>\n<h3 class=\"crosshead\">SAP<\/h3>\n<p>SAP <a href=\"https:\/\/dam.sap.com\/mac\/app\/e\/pdf\/preview\/embed\/ucQrx6G?ltr=a&amp;rc=10\" rel=\"nofollow\">released<\/a> nine new patches and two updates to earlier fixes, including three Hot News (aka critical priority) notes.<\/p>\n<p>The worst of the bunch is a 9.9-rated critical vulnerability in SAP BusinessObjects tracked as CVE-2022-41203, which can lead to full compromise of the affected systems, so we&#8217;d suggested giving this one top priority.<\/p>\n<p>&#8220;The only reason why this vulnerability is not tagged with the maximum CVSS score of 10 is because it requires the attacker to have a minimum set of privileges in order to exploit it,&#8221; Onapsis&#8217; security researcher Thomas Fritsch <a href=\"https:\/\/onapsis.com\/blog\/sap-patch-day-november-2022\" rel=\"nofollow\">wrote<\/a>.<\/p>\n<p>A second Hot News note fixes two vulnerabilities, <a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2021-20223\" rel=\"nofollow\">CVE-2021-20223<\/a> and CVE-2022-35737, with former being the more critical one with a 9.8 CVSS score.&nbsp;<\/p>\n<p>&#8220;This vulnerability enabled a remote attacker with minimal privileges to exploit the fact that SQLite treated NULL characters as tokens,&#8221; Fritsch explained. &#8220;This had the potential for considerable impact on confidentiality, integrity, and availability of all applications using SAPUI5.&#8221;<\/p>\n<p>The final Hot News note fixes CVE-2022-41204, an account hijacking vulnerability in SAP Commerce that received a 9.6 CVSS score. It was originally released last month, so if you patched it then you don&#8217;t need to take any action related to the updated note.<\/p>\n<h3 class=\"crosshead\">Intel and AMD<\/h3>\n<p>Intel, which hasn&#8217;t released any security updates since August, joined in November&#8217;s patchapalooza with <a href=\"https:\/\/www.intel.com\/content\/www\/us\/en\/security-center\/default.html\" rel=\"nofollow\">24 security advisories<\/a> addressing 57 CVEs.<\/p>\n<p>The most serious bugs of the bunch exist in some <a href=\"https:\/\/www.intel.com\/content\/www\/us\/en\/security-center\/advisory\/intel-sa-00752.html\" rel=\"nofollow\">Intel NUC BIOS firmware<\/a>, and may allow of escalation of privilege or denial of service. There&#8217;s 13 in total, and 12 of them are ranked high severity, with CVSS scores between 8.2 and 7.0 out of 10 in severity. Lucky No. 13 is considered medium, with a 5.2 CVSS score.<\/p>\n<p>AMD, meanwhile, <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/www.amd.com\/en\/corporate\/product-security\/bulletin\/amd-sb-1040\">issued<\/a> a Spectre-related fix (severity medium), <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/www.amd.com\/en\/corporate\/product-security\/bulletin\/amd-sb-1029\">closed<\/a> holes in its graphics drivers (severity high and medium), <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/www.amd.com\/en\/corporate\/product-security\/bulletin\/amd-sb-1046\">squashed<\/a> crash bugs in its profiling tools, and <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/www.amd.com\/en\/corporate\/product-security\/bulletin\/amd-sb-1047\">patched<\/a> its Android app for streaming video to devices.<\/p>\n<h3 class=\"crosshead\">Google Android<\/h3>\n<p>Google this week <a href=\"https:\/\/source.android.com\/docs\/security\/bulletin\/2022-11-01\" rel=\"nofollow\">announced<\/a> it fixed multiple vulnerabilities in its Android OS, none of which have been exploited in the wild \u2014&nbsp;at least not that it knows of.&nbsp;<\/p>\n<p>The most severe of these flaws was in the Framework component and could lead to local escalation of privilege with no additional execution privileges needed.<\/p>\n<p>&#8220;Depending on the privileges associated with the exploited component, an attacker could then install programs; view, change, or delete data; or create new accounts with full rights,&#8221; according to a Center for Internet Security <a href=\"https:\/\/www.cisecurity.org\/advisory\/multiple-vulnerabilities-in-google-android-os-could-allow-for-privilege-escalation_2022-128\" rel=\"nofollow\">advisory<\/a>.&nbsp;<\/p>\n<h3 class=\"crosshead\">Citrix<\/h3>\n<p>Citrix <a href=\"https:\/\/support.citrix.com\/article\/CTX463706\/citrix-gateway-and-citrix-adc-security-bulletin-for-cve202227510-cve202227513-and-cve202227516\" rel=\"nofollow\">disclosed<\/a> three bugs in the Citrix Gateway and Citrix ADC. One of these, tracked as CVE-2022-27510, is a critical authentication bypass flaw.<\/p>\n<p>&#8220;Note that only appliances that are operating as a Gateway (appliances using the SSL VPN functionality or deployed as an ICA proxy with authentication enabled) are affected by the [CVE-2022-27510] issue, which is rated as a critical severity vulnerability,&#8221; according to the advisory.<\/p>\n<p>It is understood this critical flaw can be exploited by an unauthenticated user to run published apps as a logged in, authenticated user.<\/p>\n<h3 class=\"crosshead\">Apple<\/h3>\n<p>And finally Apple <a href=\"https:\/\/support.apple.com\/en-us\/HT213496\" rel=\"nofollow\">released Xcode 14.1<\/a> with several security updates for macOS Monterey 12.5 and later. \u00ae<\/p>\n<p> READ MORE <a href=\"https:\/\/packetstormsecurity.com\/news\/view\/34021\/Microsoft-Squashes-6-Security-Bugs-Already-Exploited-In-The-Wild.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[277],"tags":[8395],"class_list":["post-49226","post","type-post","status-publish","format-standard","hentry","category-cybersecurity-blogs","tag-headlinehackermicrosoftflawpatchzero-day"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Microsoft Squashes 6 Security Bugs Already Exploited In The Wild 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/microsoft-squashes-6-security-bugs-already-exploited-in-the-wild\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Microsoft Squashes 6 Security Bugs Already Exploited In The Wild 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/microsoft-squashes-6-security-bugs-already-exploited-in-the-wild\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2022-11-09T13:32:04+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/patches&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2Y2wWPOBk06DsJs6rFTJzxwAAAEo&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-squashes-6-security-bugs-already-exploited-in-the-wild\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-squashes-6-security-bugs-already-exploited-in-the-wild\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Microsoft Squashes 6 Security Bugs Already Exploited In The Wild\",\"datePublished\":\"2022-11-09T13:32:04+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-squashes-6-security-bugs-already-exploited-in-the-wild\\\/\"},\"wordCount\":1206,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-squashes-6-security-bugs-already-exploited-in-the-wild\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/patches&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2Y2wWPOBk06DsJs6rFTJzxwAAAEo&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"keywords\":[\"headline,hacker,microsoft,flaw,patch,zero day\"],\"articleSection\":[\"CyberSecurity Blogs\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-squashes-6-security-bugs-already-exploited-in-the-wild\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-squashes-6-security-bugs-already-exploited-in-the-wild\\\/\",\"name\":\"Microsoft Squashes 6 Security Bugs Already Exploited In The Wild 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-squashes-6-security-bugs-already-exploited-in-the-wild\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-squashes-6-security-bugs-already-exploited-in-the-wild\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/patches&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2Y2wWPOBk06DsJs6rFTJzxwAAAEo&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"datePublished\":\"2022-11-09T13:32:04+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-squashes-6-security-bugs-already-exploited-in-the-wild\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-squashes-6-security-bugs-already-exploited-in-the-wild\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-squashes-6-security-bugs-already-exploited-in-the-wild\\\/#primaryimage\",\"url\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/patches&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2Y2wWPOBk06DsJs6rFTJzxwAAAEo&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"contentUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/patches&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2Y2wWPOBk06DsJs6rFTJzxwAAAEo&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-squashes-6-security-bugs-already-exploited-in-the-wild\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"headline,hacker,microsoft,flaw,patch,zero day\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/headlinehackermicrosoftflawpatchzero-day\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Microsoft Squashes 6 Security Bugs Already Exploited In The Wild\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Microsoft Squashes 6 Security Bugs Already Exploited In The Wild 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/microsoft-squashes-6-security-bugs-already-exploited-in-the-wild\/","og_locale":"en_US","og_type":"article","og_title":"Microsoft Squashes 6 Security Bugs Already Exploited In The Wild 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/microsoft-squashes-6-security-bugs-already-exploited-in-the-wild\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2022-11-09T13:32:04+00:00","og_image":[{"url":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/patches&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2Y2wWPOBk06DsJs6rFTJzxwAAAEo&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/microsoft-squashes-6-security-bugs-already-exploited-in-the-wild\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/microsoft-squashes-6-security-bugs-already-exploited-in-the-wild\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Microsoft Squashes 6 Security Bugs Already Exploited In The Wild","datePublished":"2022-11-09T13:32:04+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/microsoft-squashes-6-security-bugs-already-exploited-in-the-wild\/"},"wordCount":1206,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/microsoft-squashes-6-security-bugs-already-exploited-in-the-wild\/#primaryimage"},"thumbnailUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/patches&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2Y2wWPOBk06DsJs6rFTJzxwAAAEo&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","keywords":["headline,hacker,microsoft,flaw,patch,zero day"],"articleSection":["CyberSecurity Blogs"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/microsoft-squashes-6-security-bugs-already-exploited-in-the-wild\/","url":"https:\/\/www.threatshub.org\/blog\/microsoft-squashes-6-security-bugs-already-exploited-in-the-wild\/","name":"Microsoft Squashes 6 Security Bugs Already Exploited In The Wild 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/microsoft-squashes-6-security-bugs-already-exploited-in-the-wild\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/microsoft-squashes-6-security-bugs-already-exploited-in-the-wild\/#primaryimage"},"thumbnailUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/patches&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2Y2wWPOBk06DsJs6rFTJzxwAAAEo&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","datePublished":"2022-11-09T13:32:04+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/microsoft-squashes-6-security-bugs-already-exploited-in-the-wild\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/microsoft-squashes-6-security-bugs-already-exploited-in-the-wild\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/microsoft-squashes-6-security-bugs-already-exploited-in-the-wild\/#primaryimage","url":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/patches&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2Y2wWPOBk06DsJs6rFTJzxwAAAEo&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","contentUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/patches&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2Y2wWPOBk06DsJs6rFTJzxwAAAEo&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0"},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/microsoft-squashes-6-security-bugs-already-exploited-in-the-wild\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"headline,hacker,microsoft,flaw,patch,zero day","item":"https:\/\/www.threatshub.org\/blog\/tag\/headlinehackermicrosoftflawpatchzero-day\/"},{"@type":"ListItem","position":3,"name":"Microsoft Squashes 6 Security Bugs Already Exploited In The Wild"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/49226","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=49226"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/49226\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=49226"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=49226"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=49226"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}