CVE-2022-41091

Published on: Not Yet Published

Last Modified on: 08/08/2023 02:21:00 PM UTC

CVE-2022-41091

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

Certain versions of Windows 10 from Microsoft contain the following vulnerability:

Windows Mark of the Web Security Feature Bypass Vulnerability

CVE-2022-41091 has been assigned by secur[email protected] to track the vulnerability - currently rated as MEDIUM severity.

CVSS3 Score: 5.4 - MEDIUM

Attack Vector ^ⓘ	Attack Complexity	Privileges Required	User Interaction
NETWORK	LOW	NONE	REQUIRED
Scope	Confidentiality Impact	Integrity Impact	Availability Impact
UNCHANGED	NONE	LOW	LOW

CVE References

Description	Tags ^ⓘ	Link
Microsoft November 2022 Patch Tuesday fixes 65 vulnerabilities!	www.secpod.com text/html	MISC www.secpod.com/blog/microsoft-november-2022-patch-tuesday-patches-65-vulnerabilities-including-6-zero-days/
Security Update Guide - Microsoft Security Response Center	portal.msrc.microsoft.com text/html	MISC portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41091
Security Update Guide - Microsoft Security Response Center	msrc.microsoft.com text/html	MISC msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41091

By selecting these links, you may be leaving CVEreport webspace. We have provided these links to other websites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other websites that are more appropriate for your purpose. CVEreport does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, CVEreport does not endorse any commercial products that may be mentioned on these sites. Please address comments about any linked pages to [email protected].

Related QID Numbers

91956 Microsoft Windows Security Update for November 2022
91959 Microsoft Azure Stack Hub Security Updates for November 2022

Known Affected Configurations (CPE V2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Microsoft	Windows 10	-	All	All	All
Operating System	Microsoft	Windows 10	1607	All	All	All
Operating System	Microsoft	Windows 10	1809	All	All	All
Operating System	Microsoft	Windows 10	20h2	All	All	All
Operating System	Microsoft	Windows 10	21h1	All	All	All
Operating System	Microsoft	Windows 10	21h2	All	All	All
Operating System	Microsoft	Windows 10	22h2	All	All	All
Operating System	Microsoft	Windows 11	-	All	All	All
Operating System	Microsoft	Windows 11	-	All	All	All
Operating System	Microsoft	Windows 11	22h2	All	All	All
Operating System	Microsoft	Windows 11	22h2	All	All	All
Operating System	Microsoft	Windows Server 2016	-	All	All	All
Operating System	Microsoft	Windows Server 2019	-	All	All	All
Operating System	Microsoft	Windows Server 2022	-	All	All	All
Operating System	Microsoft	Windows Server 2022	-	All	All	All

cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*:
cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*:
cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*:
cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*:
cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*:
cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:*:*:
cpe:2.3:o:microsoft:windows_10:22h2:*:*:*:*:*:*:*:
cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:arm64:*:
cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:x64:*:
cpe:2.3:o:microsoft:windows_11:22h2:*:*:*:*:*:arm64:*:
cpe:2.3:o:microsoft:windows_11:22h2:*:*:*:*:*:x64:*:
cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*:
cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*:
cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*:
cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:datacenter\:_azure:*:*:

No vendor comments have been submitted for this CVE

Social Mentions

Source	Title	Posted (UTC)
@KevTheHermit	CVE-2022-41091 - 5.4 - Windows Mark of the Web Security Feature Bypass Vulnerability	2022-11-08 18:01:53
@wdormann	It's time to reveal the #ZippyReads CVE-2022-41091 3-word description: read-only files When you zip a read-only fil… twitter.com/i/web/status/1…	2022-11-08 18:10:07
@SophosXOps	Exploitation: One vulnerability (CVE-2022-41091, a Mark of the Web bypass bug) has been publicly disclosed and expl… twitter.com/i/web/status/1…	2022-11-08 18:12:47
@EditorsIntel	Windows Mark of the Web vulnerability (CVE-2022-41091) one among four 0-days for which Microsoft released a patch t… twitter.com/i/web/status/1…	2022-11-08 18:49:49
@JRoosen	Guess this was the reason we were seeing so many ISO/IMG and Read-Only zipped files. At least CVE-2022-41091 is pat… twitter.com/i/web/status/1…	2022-11-08 19:41:49
@helpnetsecurity	Microsoft fixes many zero-days under attack - helpnetsecurity.com/2022/11/08/cve… - @wdormann @GossiTheDog @thezdi… twitter.com/i/web/status/1…	2022-11-08 19:56:24
@mrgretzky	MS just released a patch and assigned CVE-2022-41091. Write-up dropping in 3... 2... 1...	2022-11-08 20:06:46
@mrgretzky	Microsoft has just released a patch for ZIP MOTW vulnerability assigned as CVE-2022-41091. I am happy to be able t… twitter.com/i/web/status/1…	2022-11-08 20:17:03
@foxbook	「マイクロソフトは、攻撃を受けている多くのゼロデイを修正します」 helpnetsecurity.com/2022/11/08/cve…	2022-11-08 20:18:41
@foxbook	「2022 年 11 月の月例パッチが公開され、CVE-2022-41091、Windows Mark of the Web バイパスの欠陥、ProxyNotShell MS Exchange の脆弱性など、実際に悪用されている多くの脆弱性が修正されています。」	2022-11-08 20:18:42
@ChiNetworks	Microsoft fixes many zero-days under attack helpnetsecurity.com/2022/11/08/cve… #microsoft #patchtuesday #zeroday #0day… twitter.com/i/web/status/1…	2022-11-08 21:43:43
@ipssignatures	The vuln CVE-2022-41091 has a tweet created 0 days ago and retweeted 13 times. twitter.com/JRoosen/status… #pow1rtrtwwcve	2022-11-08 22:06:00
@ipssignatures	The vuln CVE-2022-41091 has a tweet created 0 days ago and retweeted 10 times. twitter.com/BleepinCompute… #pow1rtrtwwcve	2022-11-08 22:06:02
@TheCyberSecHub	Microsoft fixes many zero-days under attack helpnetsecurity.com/2022/11/08/cve…	2022-11-09 00:29:59
@jefstratiou	Off the top: Microsoft fixes many zero-days under attack - Help Net Security helpnetsecurity.com/2022/11/08/cve…, see more tweetedtimes.com/jefstratiou?s=…	2022-11-09 00:32:24
@EurekaBerry	パッチ公開前に悪用を確認しているのはWindows4件、 CVE-2022-41091 CVE-2022-41073 CVE-2022-41125 CVE-2022-41128 Exchange 2件 (9/30公開済み） CVE… twitter.com/i/web/status/1…	2022-11-09 01:02:46
@kawn2020	#windowsupdate #microsoft 悪用を確認済み：4 件・CVE-2022-41073　Windows 印刷スプーラの特権の昇格の脆弱性・CVE-2022-41091　Windows Mark Of The… twitter.com/i/web/status/1…	2022-11-09 02:14:45
@kawn2020	#windowsupdate #microsoft つづき・CVE-2022-41128　Windows スクリプト言語のリモートでコードが実行される脆弱性なお，CVE-2022-41091 については，すでに脆弱性情報が一般に公開されていたことを確認済	2022-11-09 02:42:16
@__kokumoto	マイクロソフトの2022年11月定例パッチが公開。68件の脆弱性が修正。 4件のゼロデイも: -CVE-2022-41128 JScript9における遠隔コード実行（Google TAGから） -CVE-2022-41091 M… twitter.com/i/web/status/1…	2022-11-09 03:48:31
@Sh1n_K_NO_S01aR	Microsoft 製品の脆弱性対策について(2022年11月)：IPA 独立行政法人情報処理推進機構＞この内 CVE-2022-41091、CVE-2022-41073、CVE-2022-41125、CVE-2022-41… twitter.com/i/web/status/1…	2022-11-09 05:05:07
@th4ts3cur1ty	helpnetsecurity.com/2022/11/08/cve…	2022-11-09 09:05:11
@CVEtrends	Top 3 trending CVEs on Twitter Past 24 hrs: CVE-2022-41091: 3.3M (audience size) CVE-2022-41073: 1.7M CVE-2022-411… twitter.com/i/web/status/1…	2022-11-09 14:00:02
@ColorTokensInc	Emerging Vulnerability Found CVE-2022-41091 - Windows Mark of the Web Security Feature Bypass Vulnerability. This C… twitter.com/i/web/status/1…	2022-11-09 22:27:32
@wdormann	CVE-2022-41091 : Windows does not apply MotW to the contents of ISO and similar containers. CVE-2022-41049 : Window… twitter.com/i/web/status/1…	2022-11-10 01:17:19
/r/UIC	Exploring ZIP Mark-of-the-Web Bypass Vulnerability (CVE-2022-41091)	2022-11-08 20:51:05
/r/k12cybersecurity	MS-ISAC CYBERSECURITY ADVISORY - Critical Patches Issued for Microsoft Products, November 8, 2022 - PATCH: NOW	2022-11-09 13:58:02
/r/netcve	CVE-2022-41091	2022-11-09 22:38:37
/r/spixnet_gmbh_official	Microsoft fixes many zero-days under attack	2022-11-12 05:02:39