Microsoft addressed ProxyNotShell with November Patch Tuesday
Microsoft addressed ProxyNotShell with November Patch Tuesday
Threat Level
Vulnerability Report
For a detailed threat advisory, download the pdf file here
Summary
Microsoft addressed six zero-day vulnerabilities in this patch Tuesday, along with other significant vulnerabilities that could lead to Remote Code Execution, Information Disclosure, and Denial of Service. The actively exploited CVE-2022-41128 RCE bug affects Windows JScript9 Scripting Languages. A remote attacker can deceive the victim into visiting a malicious website, resulting in memory corruption and remote code execution on the compromised system.