Report Incident
× Home Cybertech Africa 2023 2 DPO Rw-CSIRT Website About Rw-CSIRT Alerts Advisories About NCSA Documentation News & Events Topics Contact us Opportunities Privacy Policy

Alert: Microsoft Security Updates – October 2022

Microsoft released security updates to fix vulnerabilities in their software products that include, but not limited to:
 
  • Windows OS: 10 and 11
  • Windows Server: 2016, 2019, 2022
  • Microsoft Office: 2013, 2016, 2019, Microsoft 365
 
The released security updates fix multiple vulnerabilities, which include two zero-day vulnerabilities:
 
  • CVE-2022-41033: Windows COM + Event System Service Elevation of Privilege Vulnerability
  • CVE-2022-41043: Microsoft Office Disclosure Vulnerability
 
Security Risks
 
If the identified vulnerabilities in Microsoft products are not patched, authenticated attackers can remotely gain control of vulnerable systems and run malicious code with elevated privileges.
 
For the full list of security patches released by Microsoft, please refer to Microsoft Security Update Guide
 
Recommended Actions
 
The National Cyber Security Authority (NCSA) recommends users and system administrators to:
 
1. apply the latest security patches, as soon as possible, to prevent unauthorized control over unpatched systems;
 
2. upgrade immediately to the latest supported version of installed Microsoft software in order to continue receiving technical support and security patches.
 
The following Microsoft software products reached their end-of-life and need to be upgraded immediately:
 
  • Internet Explorer;
  • Windows Vista, XP, 8 and 7;
  • Windows Server 2003, 2003 RE, 2008, 2008 RE
 
3. Before any update task, ensure you have backup for your data.
 
For further information and support, please contact the National Cyber Security Authority (NCSA) by email to rwcsirt@ncsa.gov.rw or call us on 9009
 
References

Release Note – October 2022

13 October 2022

© 2024 National Cyber Security Authority