Microsoft addressed ProxyNotShell with November Patch Tuesday

Threat Level

Vulnerability Report

For a detailed threat advisory, download the pdf file here

Summary

Microsoft addressed six zero-day vulnerabilities in this patch Tuesday, along with other significant vulnerabilities that could lead to Remote Code Execution, Information Disclosure, and Denial of Service. The actively exploited CVE-2022-41128 RCE bug affects Windows JScript9 Scripting Languages. A remote attacker can deceive the victim into visiting a malicious website, resulting in memory corruption and remote code execution on the compromised system.