{"id":38819,"date":"2022-10-17T12:06:54","date_gmt":"2022-10-17T11:06:54","guid":{"rendered":"https:\/\/www.n-able.com\/?p=38819"},"modified":"2023-03-21T14:06:33","modified_gmt":"2023-03-21T14:06:33","slug":"patch-tuesday-october-2022","status":"publish","type":"post","link":"https:\/\/www.n-able.com\/it\/blog\/patch-tuesday-october-2022","title":{"rendered":"Patch Tuesday October 2022: ProxyNotShell, Fortinet and enough Zero-days to keep everyone busy"},"content":{"rendered":"

Before October\u2019s Patch Tuesday even arrived, earlier in the week there was a rush of mitigations for FortiOS, FortiProxy, FortiSwitchManager, and Microsoft Exchange Server Zero-Days being implemented by admins and security teams. Add to this two new Zero-Days addressed by Microsoft updates, previous Zero-Days remaining unpatched, Zero-Days under active exploitation, 13 Microsoft vulnerabilities marked critical, and 15 marked as exploitation more likely and it\u2019s likely IT teams will need a little hustle in their step to keep up this month.<\/span><\/p>\n

Microsoft Vulnerabilities\u00a0<\/span><\/span><\/h2>\n

A total of 84 vulnerabilities are addressed within this Microsoft Patch Tuesday. While this represents a slight uptick compared to last month, the risk exposure created by newly announced Zero-Days and un-patched Zero-Day vulnerabilites is quite an escalation. This is one of those months where just applying all available updates isn\u2019t going to be enough to see you through.<\/span><\/p>\n

CVE-2022-41043<\/a><\/span> is a Microsoft Office Information Disclosure Vulnerability Zero-Day. Since it\u2019s rated as low severity, exploitation is less likely, a fix was issued for it this month and it apparently only affects Microsoft Office 2019 and 2021 for Mac, there isn\u2019t too much to be concerned about around this vulnerability.\u00a0<\/span><\/span><\/p>\n

CVE-2022-41033<\/a><\/span> is an escalation of privilege vulnerability under active exploitation that allows an attacker to gain SYSTEM privilege. There is not much additional information on this vulnerability as yet, outside of it being the only actively exploited vulnerability receiving a patch this month.<\/span><\/p>\n

The big headliners for the month though are CVE-2022-41040<\/span><\/a> and CVE-2022-41082<\/span><\/a>. These can be chained together to allow remote code execution against Microsoft Exchange Servers. The \u2018celebrity\u2019 name for the vulnerabilities is ProxyNotShell\u2014this may be a familiar to some because of ProxyShell, a similar vulnerability from 2021. Just as ProxyShell caused a lot of havoc, ProxyNotShell looks likely to follow in its footsteps as it is currently under active exploitation. ProxyNotShell did not receive any security updates or fixes as part of October\u2019s Patch Tuesday, so if you\u2019re looking for a better understanding of what it is and what you should do, check out Kevin Beaumont\u2019s (@GossiTheDog<\/span><\/a>) great write-up here<\/span><\/a>. Microsoft\u2019s current guidance is to apply their recommended mitigations<\/span><\/a>. If you were waiting for Microsoft to release a fix via Windows Update you\u2019re out of luck and should be prioritizing applying mitigations today.<\/span><\/p>\n

There are also three escalation of privilege vulnerabilities affecting Microsoft Exchange Server that received fixes this month. Your Exchange admins have quite a prioritization list this month.\u00a0<\/span><\/span><\/p>\n

Microsoft Patch Tuesday Vulnerability Prioritization<\/span><\/h2>\n

October\u2019s Patch Tuesday is a great reminder that sometimes you can\u2019t just wait for an automated fix to come down the line. At times you\u2019ve got to roll-up your sleeves and apply manual remediations. Patch management solutions<\/span><\/a> can make our lives easier, but they can\u2019t handle dealing with all vulnerabilities. ProxyNotShell should be priority one for any Exchange admins, with the other Exchange vulnerabilities being addressed with regular security updates.\u00a0<\/span><\/span><\/p>\n

Critical Severity, Exploitation More Likely, and Exploitation Detected vulnerabilities as always should be ranking fairly high on your priority list. If you only patch based on severity you are leaving a lot of unnecessary risk exposure lying around.\u00a0<\/span><\/span><\/p>\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
\n

CVE<\/b><\/span><\/p>\n<\/td>\n

\n

Description<\/b><\/span><\/p>\n<\/td>\n

\n

Severity<\/b><\/span><\/p>\n<\/td>\n

\n

\u00a0Exploitability<\/b><\/span><\/p>\n<\/td>\n<\/tr>\n

\n

CVE-2022-21980<\/a><\/span><\/p>\n<\/td>\n

\n

Microsoft Exchange Server Elevation of Privilege Vulnerability<\/span><\/p>\n<\/td>\n

\n

Important<\/span><\/p>\n<\/td>\n

\n

\u00a0Exploitation More Likely<\/span><\/p>\n<\/td>\n<\/tr>\n

\n

CVE-2022-24516<\/a><\/span><\/p>\n<\/td>\n

\n

Microsoft Exchange Server Elevation of Privilege Vulnerability<\/span><\/p>\n<\/td>\n

\n

Important<\/span><\/p>\n<\/td>\n

\n

\u00a0Exploitation More Likely<\/span><\/p>\n<\/td>\n<\/tr>\n

\n

CVE-2022-24477<\/a><\/span><\/p>\n<\/td>\n

\n

Microsoft Exchange Server Elevation of Privilege Vulnerability<\/span><\/p>\n<\/td>\n

\n

Important<\/span><\/p>\n<\/td>\n

\n

Exploitation More Likely<\/span><\/p>\n<\/td>\n<\/tr>\n

\n

CVE-2022-34689<\/a><\/span><\/p>\n<\/td>\n

\n

Windows CryptoAPI Spoofing Vulnerability<\/span><\/p>\n<\/td>\n

\n

Critical<\/span><\/p>\n<\/td>\n

\n

Exploitation More Likely<\/span><\/p>\n<\/td>\n<\/tr>\n

\n

CVE-2022-37970<\/a><\/span><\/p>\n<\/td>\n

\n

Windows DWM Core Library Elevation of Privilege Vulnerability<\/span><\/p>\n<\/td>\n

\n

Important<\/span><\/p>\n<\/td>\n

\n

Exploitation More Likely<\/span><\/p>\n<\/td>\n<\/tr>\n

\n

CVE-2022-37987<\/a><\/span><\/p>\n<\/td>\n

\n

Windows Client Server Run-time Subsystem (CSRSS)
\nElevation of Privilege Vulnerability<\/span><\/p>\n<\/td>\n

\n

Important<\/span><\/p>\n<\/td>\n

\n

Exploitation More Likely<\/span><\/p>\n<\/td>\n<\/tr>\n

\n

CVE-2022-38050<\/a><\/span><\/p>\n<\/td>\n

\n

Win32k Elevation of Privilege Vulnerability<\/span><\/p>\n<\/td>\n

\n

Important<\/span><\/p>\n<\/td>\n

\n

Exploitation More Likely<\/span><\/p>\n<\/td>\n<\/tr>\n

\n

CVE-2022-38051<\/a><\/span><\/p>\n<\/td>\n

\n

Windows Graphics Component Elevation of Privilege Vulnerability<\/span><\/p>\n<\/td>\n

\n

Important<\/span><\/p>\n<\/td>\n

\n

Exploitation More Likely<\/span><\/p>\n<\/td>\n<\/tr>\n

\n

CVE-2022-41036<\/a><\/span><\/p>\n<\/td>\n

\n

Microsoft SharePoint Server Remote Code Execution Vulnerability<\/span><\/p>\n<\/td>\n

\n

Important<\/span><\/p>\n<\/td>\n

\n

Exploitation More Likely<\/span><\/p>\n<\/td>\n<\/tr>\n

\n

CVE-2022-37974<\/a><\/span><\/p>\n<\/td>\n

\n

Windows Mixed Reality Developer Tools Information Disclosure Vulnerability<\/span><\/p>\n<\/td>\n

\n

Important<\/span><\/p>\n<\/td>\n

\n

Exploitation More Likely<\/span><\/p>\n<\/td>\n<\/tr>\n

\n

CVE-2022-38028<\/a><\/span><\/p>\n<\/td>\n

\n

Windows Print Spooler Elevation of Privilege Vulnerability<\/span><\/p>\n<\/td>\n

\n

Important<\/span><\/p>\n<\/td>\n

\n

Exploitation More Likely<\/span><\/p>\n<\/td>\n<\/tr>\n

\n

CVE-2022-37989<\/a><\/span><\/p>\n<\/td>\n

\n

Windows Client Server Run-time Subsystem (CSRSS)
\nElevation of Privilege Vulnerability<\/span><\/p>\n<\/td>\n

\n

Important<\/span><\/p>\n<\/td>\n

\n

Exploitation More Likely<\/span><\/p>\n<\/td>\n<\/tr>\n

\n

CVE-2022-37997<\/a><\/span><\/p>\n<\/td>\n

\n

Windows Graphics Component Elevation of Privilege Vulnerability<\/span><\/p>\n<\/td>\n

\n

Important<\/span><\/p>\n<\/td>\n

\n

Exploitation More Likely<\/span><\/p>\n<\/td>\n<\/tr>\n

\n

CVE-2022-38053<\/a><\/span><\/p>\n<\/td>\n

\n

Microsoft SharePoint Server Remote Code Execution Vulnerability<\/span><\/p>\n<\/td>\n

\n

Important<\/span><\/p>\n<\/td>\n

\n

Exploitation More Likely<\/span><\/p>\n<\/td>\n<\/tr>\n

\n

CVE-2022-41038<\/a><\/span><\/p>\n<\/td>\n

\n

Microsoft SharePoint Server Remote Code Execution Vulnerability<\/span><\/p>\n<\/td>\n

\n

Critical<\/span><\/p>\n<\/td>\n

\n

Exploitation More Likely<\/span><\/p>\n<\/td>\n<\/tr>\n

\n

CVE-2022-37968<\/a><\/span><\/p>\n<\/td>\n

\n

Azure Arc-enabled Kubernetes cluster Connect
\nElevation of Privilege Vulnerability<\/span><\/p>\n<\/td>\n

\n

Critical<\/span><\/p>\n<\/td>\n

\n

Exploitation
\nLess Likely<\/span><\/p>\n<\/td>\n<\/tr>\n

\n

CVE-2022-38048<\/a><\/span><\/p>\n<\/td>\n

\n

Microsoft Office Remote Code Execution Vulnerability<\/span><\/p>\n<\/td>\n

\n

Critical<\/span><\/p>\n<\/td>\n

\n

Exploitation
\nLess Likely<\/span><\/p>\n<\/td>\n<\/tr>\n

\n

CVE-2022-37979<\/a><\/span><\/p>\n<\/td>\n

\n

Windows Hyper-V Elevation of Privilege Vulnerability<\/span><\/p>\n<\/td>\n

\n

Critical<\/span><\/p>\n<\/td>\n

\n

Exploitation
\nLess Likely<\/span><\/p>\n<\/td>\n<\/tr>\n

\n

CVE-2022-37976<\/a><\/span><\/p>\n<\/td>\n

\n

Active Directory Certificate Services
\nElevation of Privilege Vulnerability<\/span><\/p>\n<\/td>\n

\n

Critical<\/span><\/p>\n<\/td>\n

\n

Exploitation
\nLess Likely<\/span><\/p>\n<\/td>\n<\/tr>\n

\n

CVE-2022-33634<\/a><\/span><\/p>\n<\/td>\n

\n

Windows Point-to-Point Tunneling Protocol
\nRemote Code Execution Vulnerability<\/span><\/p>\n<\/td>\n

\n

Critical<\/span><\/p>\n<\/td>\n

\n

Exploitation
\nLess Likely<\/span><\/p>\n<\/td>\n<\/tr>\n

\n

CVE-2022-22035<\/a><\/span><\/p>\n<\/td>\n

\n

Windows Point-to-Point Tunneling Protocol
\nRemote Code Execution Vulnerability<\/span><\/p>\n<\/td>\n

\n

Critical<\/span><\/p>\n<\/td>\n

\n

Exploitation
\nLess Likely<\/span><\/p>\n<\/td>\n<\/tr>\n

\n

CVE-2022-24504<\/a><\/span><\/p>\n<\/td>\n

\n

Windows Point-to-Point Tunneling Protocol
\nRemote Code Execution Vulnerability<\/span><\/p>\n<\/td>\n

\n

Critical<\/span><\/p>\n<\/td>\n

\n

Exploitation
\nLess Likely<\/span><\/p>\n<\/td>\n<\/tr>\n

\n

CVE-2022-38047<\/a><\/span><\/p>\n<\/td>\n

\n

Windows Point-to-Point Tunneling Protocol
\nRemote Code Execution Vulnerability<\/span><\/p>\n<\/td>\n

\n

Critical<\/span><\/p>\n<\/td>\n

\n

Exploitation
\nLess Likely<\/span><\/p>\n<\/td>\n<\/tr>\n

\n

CVE-2022-41081<\/a><\/span><\/p>\n<\/td>\n

\n

Windows Point-to-Point Tunneling Protocol
\nRemote Code Execution Vulnerability<\/span><\/p>\n<\/td>\n

\n

Critical<\/span><\/p>\n<\/td>\n

\n

Exploitation
\nLess Likely<\/span><\/p>\n<\/td>\n<\/tr>\n

\n

CVE-2022-30198<\/a><\/span><\/p>\n<\/td>\n

\n

Windows Point-to-Point Tunneling Protocol
\nRemote Code Execution Vulnerability<\/span><\/p>\n<\/td>\n

\n

Critical<\/span><\/p>\n<\/td>\n

\n

Exploitation
\nLess Likely<\/span><\/p>\n<\/td>\n<\/tr>\n

\n

CVE-2022-38000<\/a><\/span><\/p>\n<\/td>\n

\n

Windows Point-to-Point Tunneling Protocol
\nRemote Code Execution Vulnerability<\/span><\/p>\n<\/td>\n

\n

Critical<\/span><\/p>\n<\/td>\n

\n

Exploitation
\nLess Likely<\/span><\/p>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

Cumulative Updates<\/span><\/h2>\n

The cumulative updates were released for current builds of Windows 10 with\u00a0KB5018410<\/span><\/a> and KB5018427<\/span><\/a> for Windows 11. Containing the usual rollup of fixes from previous months and including Servicing Stack Updates in the CU should make these easy to rollout. The Windows 11 CU includes numerous fixes for 30 bugs, but fails to resolve a performance issue that occurs when copying files over SMB that was first introduced with Windows 11 22H2 update. Go old-school and use xcopy or robocopy as a workaround if you are still seeing this performance impact.<\/span><\/p>\n

Other Vendors<\/span><\/h2>\n

Fortinet also announced an authentication bypass affecting FortiGate firewalls, FortiProxy, and FortiSwitchManager. CVE-2022-40684<\/span><\/a> allows an attacker to perform administrative actions on those devices. This is under active exploitation and affects multiple versions of FortiOS, FortiProxy, and FortiSwitchManager. If you have Fortinet appliances deployed then updating firmware should be high on your prioritization list.\u00a0<\/span><\/span><\/p>\n

Summary<\/span><\/h2>\n

As always make sure you have established patching processes for evaluation, testing and pushing into production. If you have traditionally only dealt with patches by applying them based on their severity consider including prioritization of patches for Zero-Days, Exploitation Detected, and Exploitation More Likely vulnerabilities in your Patch Management<\/span><\/a> routines.\u00a0<\/span><\/span><\/p>\n

\u00a0<\/span><\/p>\n

Looking for more information on Patch Management? Check out\u00a0<\/b>this section<\/b><\/span><\/a>\u00a0on our blog.<\/b><\/span><\/p>\n

Lewis Pope is the Head Security Nerd at N‑able. You can follow him on Twitter:\u00a0<\/i>@cybersec_nerd<\/i><\/span><\/a><\/span><\/p>\n

LinkedIn:\u00a0<\/i>thesecuritypope<\/i><\/span><\/a><\/span><\/p>\n

Twitch:\u00a0<\/i>cybersec_nerd<\/i><\/span><\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"

This month\u2019s Microsoft Patch Tuesday sees a small uptick in actual vulnerabilities addressed, but a big escalation in risk exposure. Lewis Pope looks takes a detailed look.<\/p>\n","protected":false},"author":62,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"footnotes":""},"class_list":["post-38819","post","type-post","status-publish","format-standard","hentry","topic-head-nerds","topic-patch-management","topic-security"],"acf":[],"yoast_head":"\nPatch Tuesday October 2022: ProxyNotShell, Fortinet and enough Zero-days to keep everyone busy - N-able<\/title>\n<meta name=\"description\" content=\"October's Microsoft Patch Tuesday sees a small uptick in actual vulnerabilities addressed, but a big escalation in risk exposure. Read more.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.n-able.com\/it\/blog\/patch-tuesday-october-2022\" \/>\n<meta property=\"og:locale\" content=\"it_IT\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Patch Tuesday October 2022: ProxyNotShell, Fortinet and enough Zero-days to keep everyone busy - N-able\" \/>\n<meta property=\"og:description\" content=\"October's Microsoft Patch Tuesday sees a small uptick in actual vulnerabilities addressed, but a big escalation in risk exposure. Read more.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.n-able.com\/it\/blog\/patch-tuesday-october-2022\" \/>\n<meta property=\"og:site_name\" content=\"N-able\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/NableMSP\" \/>\n<meta property=\"article:published_time\" content=\"2022-10-17T11:06:54+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-03-21T14:06:33+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.n-able.com\/wp-content\/uploads\/2022\/08\/220809_blogbanner_PatchTuesday_ss-03.png\" \/>\n\t<meta property=\"og:image:width\" content=\"2500\" \/>\n\t<meta property=\"og:image:height\" content=\"1309\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Lewis Pope\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/www.n-able.com\/wp-content\/uploads\/2022\/08\/220809_blogbanner_PatchTuesday_ss-03.png\" \/>\n<meta name=\"twitter:creator\" content=\"@Nable\" \/>\n<meta name=\"twitter:site\" content=\"@Nable\" \/>\n<meta name=\"twitter:label1\" content=\"Scritto da\" \/>\n\t<meta name=\"twitter:data1\" content=\"Lewis Pope\" \/>\n\t<meta name=\"twitter:label2\" content=\"Tempo di lettura stimato\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minuti\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.n-able.com\/it\/blog\/patch-tuesday-october-2022#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.n-able.com\/it\/blog\/patch-tuesday-october-2022\"},\"author\":{\"name\":\"Lewis Pope\",\"@id\":\"https:\/\/www.n-able.com\/it\/#\/schema\/person\/32c214c92846fdd7b16459b9236c12ae\"},\"headline\":\"Patch Tuesday October 2022: ProxyNotShell, Fortinet and enough Zero-days to keep everyone busy\",\"datePublished\":\"2022-10-17T12:06:54+01:00\",\"dateModified\":\"2023-03-21T14:06:33+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.n-able.com\/it\/blog\/patch-tuesday-october-2022\"},\"wordCount\":1128,\"publisher\":{\"@id\":\"https:\/\/www.n-able.com\/it\/#organization\"},\"articleSection\":[\"Head Nerds\",\"Patch Management\",\"Security\"],\"inLanguage\":\"it-IT\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.n-able.com\/it\/blog\/patch-tuesday-october-2022\",\"url\":\"https:\/\/www.n-able.com\/it\/blog\/patch-tuesday-october-2022\",\"name\":\"Patch Tuesday October 2022: ProxyNotShell, Fortinet and enough Zero-days to keep everyone busy - N-able\",\"isPartOf\":{\"@id\":\"https:\/\/www.n-able.com\/it\/#website\"},\"datePublished\":\"2022-10-17T12:06:54+01:00\",\"dateModified\":\"2023-03-21T14:06:33+00:00\",\"description\":\"October's Microsoft Patch Tuesday sees a small uptick in actual vulnerabilities addressed, but a big escalation in risk exposure. Read more.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.n-able.com\/it\/blog\/patch-tuesday-october-2022#breadcrumb\"},\"inLanguage\":\"it-IT\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.n-able.com\/it\/blog\/patch-tuesday-october-2022\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.n-able.com\/it\/blog\/patch-tuesday-october-2022#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Head Nerds\",\"item\":\"https:\/\/www.n-able.com\/it\/blog\/category\/head-nerds-it\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Patch Tuesday October 2022: ProxyNotShell, Fortinet and enough Zero-days to keep everyone busy\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.n-able.com\/it\/#website\",\"url\":\"https:\/\/www.n-able.com\/it\/\",\"name\":\"N-able\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/www.n-able.com\/it\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.n-able.com\/it\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"it-IT\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.n-able.com\/it\/#organization\",\"name\":\"N-able\",\"url\":\"https:\/\/www.n-able.com\/it\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"it-IT\",\"@id\":\"https:\/\/www.n-able.com\/it\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.n-able.com\/wp-content\/uploads\/2021\/02\/logo-n-able-vertical-dark.svg\",\"contentUrl\":\"https:\/\/www.n-able.com\/wp-content\/uploads\/2021\/02\/logo-n-able-vertical-dark.svg\",\"width\":\"1024\",\"height\":\"1024\",\"caption\":\"N-able\"},\"image\":{\"@id\":\"https:\/\/www.n-able.com\/it\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/NableMSP\",\"https:\/\/x.com\/Nable\",\"https:\/\/www.linkedin.com\/company\/n-able\",\"https:\/\/www.youtube.com\/channel\/UClnp77HHg4aME-S-3fWQhFw\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.n-able.com\/it\/#\/schema\/person\/32c214c92846fdd7b16459b9236c12ae\",\"name\":\"Lewis Pope\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"it-IT\",\"@id\":\"https:\/\/secure.gravatar.com\/avatar\/f61d746b384dec3b7d702cd5a5e62b2d6a9722dd83df5ae50505361c3a3eadb1?s=96&d=mm&r=g\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/f61d746b384dec3b7d702cd5a5e62b2d6a9722dd83df5ae50505361c3a3eadb1?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/f61d746b384dec3b7d702cd5a5e62b2d6a9722dd83df5ae50505361c3a3eadb1?s=96&d=mm&r=g\",\"caption\":\"Lewis Pope\"}}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Patch Tuesday October 2022: ProxyNotShell, Fortinet and enough Zero-days to keep everyone busy - N-able","description":"October's Microsoft Patch Tuesday sees a small uptick in actual vulnerabilities addressed, but a big escalation in risk exposure. Read more.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.n-able.com\/it\/blog\/patch-tuesday-october-2022","og_locale":"it_IT","og_type":"article","og_title":"Patch Tuesday October 2022: ProxyNotShell, Fortinet and enough Zero-days to keep everyone busy - N-able","og_description":"October's Microsoft Patch Tuesday sees a small uptick in actual vulnerabilities addressed, but a big escalation in risk exposure. Read more.","og_url":"https:\/\/www.n-able.com\/it\/blog\/patch-tuesday-october-2022","og_site_name":"N-able","article_publisher":"https:\/\/www.facebook.com\/NableMSP","article_published_time":"2022-10-17T11:06:54+00:00","article_modified_time":"2023-03-21T14:06:33+00:00","og_image":[{"width":2500,"height":1309,"url":"https:\/\/www.n-able.com\/wp-content\/uploads\/2022\/08\/220809_blogbanner_PatchTuesday_ss-03.png","type":"image\/png"}],"author":"Lewis Pope","twitter_card":"summary_large_image","twitter_image":"https:\/\/www.n-able.com\/wp-content\/uploads\/2022\/08\/220809_blogbanner_PatchTuesday_ss-03.png","twitter_creator":"@Nable","twitter_site":"@Nable","twitter_misc":{"Scritto da":"Lewis Pope","Tempo di lettura stimato":"5 minuti"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.n-able.com\/it\/blog\/patch-tuesday-october-2022#article","isPartOf":{"@id":"https:\/\/www.n-able.com\/it\/blog\/patch-tuesday-october-2022"},"author":{"name":"Lewis Pope","@id":"https:\/\/www.n-able.com\/it\/#\/schema\/person\/32c214c92846fdd7b16459b9236c12ae"},"headline":"Patch Tuesday October 2022: ProxyNotShell, Fortinet and enough Zero-days to keep everyone busy","datePublished":"2022-10-17T12:06:54+01:00","dateModified":"2023-03-21T14:06:33+00:00","mainEntityOfPage":{"@id":"https:\/\/www.n-able.com\/it\/blog\/patch-tuesday-october-2022"},"wordCount":1128,"publisher":{"@id":"https:\/\/www.n-able.com\/it\/#organization"},"articleSection":["Head Nerds","Patch Management","Security"],"inLanguage":"it-IT"},{"@type":"WebPage","@id":"https:\/\/www.n-able.com\/it\/blog\/patch-tuesday-october-2022","url":"https:\/\/www.n-able.com\/it\/blog\/patch-tuesday-october-2022","name":"Patch Tuesday October 2022: ProxyNotShell, Fortinet and enough Zero-days to keep everyone busy - N-able","isPartOf":{"@id":"https:\/\/www.n-able.com\/it\/#website"},"datePublished":"2022-10-17T12:06:54+01:00","dateModified":"2023-03-21T14:06:33+00:00","description":"October's Microsoft Patch Tuesday sees a small uptick in actual vulnerabilities addressed, but a big escalation in risk exposure. Read more.","breadcrumb":{"@id":"https:\/\/www.n-able.com\/it\/blog\/patch-tuesday-october-2022#breadcrumb"},"inLanguage":"it-IT","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.n-able.com\/it\/blog\/patch-tuesday-october-2022"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.n-able.com\/it\/blog\/patch-tuesday-october-2022#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Head Nerds","item":"https:\/\/www.n-able.com\/it\/blog\/category\/head-nerds-it"},{"@type":"ListItem","position":2,"name":"Patch Tuesday October 2022: ProxyNotShell, Fortinet and enough Zero-days to keep everyone busy"}]},{"@type":"WebSite","@id":"https:\/\/www.n-able.com\/it\/#website","url":"https:\/\/www.n-able.com\/it\/","name":"N-able","description":"","publisher":{"@id":"https:\/\/www.n-able.com\/it\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.n-able.com\/it\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"it-IT"},{"@type":"Organization","@id":"https:\/\/www.n-able.com\/it\/#organization","name":"N-able","url":"https:\/\/www.n-able.com\/it\/","logo":{"@type":"ImageObject","inLanguage":"it-IT","@id":"https:\/\/www.n-able.com\/it\/#\/schema\/logo\/image\/","url":"https:\/\/www.n-able.com\/wp-content\/uploads\/2021\/02\/logo-n-able-vertical-dark.svg","contentUrl":"https:\/\/www.n-able.com\/wp-content\/uploads\/2021\/02\/logo-n-able-vertical-dark.svg","width":"1024","height":"1024","caption":"N-able"},"image":{"@id":"https:\/\/www.n-able.com\/it\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/NableMSP","https:\/\/x.com\/Nable","https:\/\/www.linkedin.com\/company\/n-able","https:\/\/www.youtube.com\/channel\/UClnp77HHg4aME-S-3fWQhFw"]},{"@type":"Person","@id":"https:\/\/www.n-able.com\/it\/#\/schema\/person\/32c214c92846fdd7b16459b9236c12ae","name":"Lewis Pope","image":{"@type":"ImageObject","inLanguage":"it-IT","@id":"https:\/\/secure.gravatar.com\/avatar\/f61d746b384dec3b7d702cd5a5e62b2d6a9722dd83df5ae50505361c3a3eadb1?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/f61d746b384dec3b7d702cd5a5e62b2d6a9722dd83df5ae50505361c3a3eadb1?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f61d746b384dec3b7d702cd5a5e62b2d6a9722dd83df5ae50505361c3a3eadb1?s=96&d=mm&r=g","caption":"Lewis Pope"}}]}},"_links":{"self":[{"href":"https:\/\/www.n-able.com\/it\/wp-json\/wp\/v2\/posts\/38819","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.n-able.com\/it\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.n-able.com\/it\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.n-able.com\/it\/wp-json\/wp\/v2\/users\/62"}],"replies":[{"embeddable":true,"href":"https:\/\/www.n-able.com\/it\/wp-json\/wp\/v2\/comments?post=38819"}],"version-history":[{"count":0,"href":"https:\/\/www.n-able.com\/it\/wp-json\/wp\/v2\/posts\/38819\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.n-able.com\/it\/wp-json\/wp\/v2\/media?parent=38819"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}