CVE-2022-37968
Published 2022-10-11
Priority P269 · critical · 10 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS: 2.59% (83.4th percentile)
Microsoft has identified a vulnerability affecting the cluster connect feature of Azure Arc-enabled Kubernetes clusters. This vulnerability could allow an unauthenticated user to elevate their privileges and potentially gain administrative control over the Kubernetes cluster. Additionally, because Azure Stack Edge allows customers to deploy Kubernetes workloads on their devices via Azure Arc, Azure Stack Edge devices are also vulnerable to this vulnerability.
Affected
14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | azure_arc-enabled_kubernetes | — | — |
| microsoft | azure_arc-enabled_kubernetes | — | — |
| microsoft | azure_arc-enabled_kubernetes | — | — |
| microsoft | azure_arc-enabled_kubernetes | — | — |
| microsoft | azure_arc-enabled_kubernetes_cluster_1.5.8 | >= 1.0.0 < 1.5.8 | 1.5.8 |
| microsoft | azure_arc-enabled_kubernetes_cluster_1.6.19 | >= 1.0.0 < 1.6.19 | 1.6.19 |
| microsoft | azure_arc-enabled_kubernetes_cluster_1.7.18 | >= 1.0.0 < 1.7.18 | 1.7.18 |
| microsoft | azure_arc-enabled_kubernetes_cluster_1.8.11 | >= 1.0.0 < 1.8.11 | 1.8.11 |
| microsoft | azure_stack_edge | >= 2.2.0 < 2.2.2088.5593 | 2.2.2088.5593 |
| msrc | azure_arc-enabled_kubernetes_cluster_1.5.8 | — | — |
| msrc | azure_arc-enabled_kubernetes_cluster_1.6.19 | — | — |
| msrc | azure_arc-enabled_kubernetes_cluster_1.7.18 | — | — |
| msrc | azure_arc-enabled_kubernetes_cluster_1.8.11 | — | — |
| msrc | azure_stack_edge | — | — |
Detection & IOCs (extracted from sources)
- Attacker must know the randomly generated external DNS endpoint for an Azure Arc-enabled Kubernetes cluster; monitor for unexpected or anomalous external DNS resolution attempts targeting Arc cluster endpoints
- Exploitation targets the cluster connect feature of Azure Arc-enabled Kubernetes clusters; monitor cluster-connect API traffic for unauthenticated privilege escalation attempts or unexpected cluster-admin role bindings
- DNS discovery services may be used by attackers to enumerate Arc cluster endpoints; monitor for external DNS enumeration activity against Arc-related DNS namespaces
- Scope change impact extends beyond Azure Arc to connected Kubernetes clusters and Azure Stack Edge devices; monitor all three surfaces for unauthorized cluster-admin access
- Vulnerability only affects Azure Arc-enabled Kubernetes agent versions below the fixed thresholds; patched versions are 1.5.8+, 1.6.19+, 1.7.18+, or 1.8.11+ (customers already on 1.8.14 are protected)
- Azure Stack Edge devices are also in scope; the fix requires updating to the 2209 release (software version 2.2.2088.5593)
- Auto-upgrade is enabled by default, so customers with auto-upgrade enabled are automatically protected; customers who manually control updates must act
- Exploitation is unauthenticated and internet-facing, requiring only knowledge of the randomly generated DNS endpoint; no credentials or prior access are needed
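An added example (not code from the advisory or from Microsoft) that triages an inventory against the fixed versions listed above. It reads the agent thresholds per release train, so 1.6.5 is flagged even though it is numerically above 1.5.8; the inventory rows are constructed, and treating trains newer than 1.8 as patched is an assumption.

```python
import re
# Fixed builds taken from this page: one threshold per agent release train.
FIXED_AGENT = {(1, 5): 8, (1, 6): 19, (1, 7): 18, (1, 8): 11}
FIXED_ASE = (2, 2, 2088, 5593)  # Azure Stack Edge 2209 release

def parse_version(text):
    """Return a dotted numeric version as a tuple of ints, or None if malformed."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+)+", text):
        return None
    return tuple(int(part) for part in text.split("."))

def arc_agent_status(version):
    """Classify an Arc-enabled Kubernetes agent version (major.minor.patch)."""
    v = parse_version(version)
    if v is None or len(v) != 3 or v < (1, 0, 0):
        return "unknown"  # outside the ranges the page lists
    train, patch = v[:2], v[2]
    if train in FIXED_AGENT:
        return "patched" if patch >= FIXED_AGENT[train] else "vulnerable"
    # Trains older than 1.5 have no fixed build listed; newer trains are
    # assumed (not stated on the page) to include the fix.
    return "vulnerable" if train < (1, 5) else "patched"

def ase_status(version):
    """Classify an Azure Stack Edge software version."""
    v = parse_version(version)
    if v is None or v < (2, 2, 0):
        return "unknown"
    return "patched" if v >= FIXED_ASE else "vulnerable"

def triage(inventory):
    """Map each (name, kind, version) row to a status; kind is 'arc' or 'ase'."""
    check = {"arc": arc_agent_status, "ase": ase_status}
    return {name: check[kind](ver) for name, kind, ver in inventory}

# Constructed sample inventory (names and versions are illustrative).
SAMPLE = [
    ("edge-a", "arc", "1.6.5"),   # above 1.5.8 but below its own train's fix
    ("edge-b", "arc", "1.5.9"),
    ("edge-c", "arc", "1.8.14"),
    ("edge-d", "arc", "1.4.2"),
    ("edge-e", "arc", "latest"),  # unparseable value must not pass as patched
    ("ase-01", "ase", "2.2.2088.5593"),
    ("ase-02", "ase", "2.2.2000.1"),
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Anything reported as `unknown` should be resolved by hand rather than counted as protected.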
CVSS provenance
nvd · v3.1 · 10.0 · CRITICAL · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
vendor_msrc · 10.0 · CRITICAL
GHSA
GHSA-9cqg-4xp4-h354: Azure Arc-enabled Kubernetes cluster Connect Elevation of Privilege Vulnerability
ghsa_unreviewed·2022-10-12
CVE-2022-37968 [CRITICAL] CWE-269 GHSA-9cqg-4xp4-h354: Azure Arc-enabled Kubernetes cluster Connect Elevation of Privilege Vulnerability
Microsoft
Azure Arc-enabled Kubernetes cluster Connect Elevation of Privilege Vulnerability
vendor_msrc·2022-10-11·CVSS 10.0
CVE-2022-37968 [CRITICAL] Azure Arc-enabled Kubernetes cluster Connect Elevation of Privilege Vulnerability
Description: Microsoft has identified a vulnerability affecting the cluster connect feature of Azure Arc-enabled Kubernetes clusters. This vulnerability could allow an unauthenticated user to elevate their privileges and potentially gain administrative control over the Kubernetes cluster. Additionally, because Azure Stack Edge allows customers to deploy Kubernetes workloads on their devices via Azure Arc, Azure Stack Edge devices are also vulnerable to this vulnerability.
FAQ: How could an attacker exploit this vulnerability?
An attacker who knows the randomly generated external DNS endpoint for an Azure Arc-enabled Kubernetes cluster can exploit this vulnerability from the internet. Successful exploitation
No detection rules found.
No public exploits indexed.
Krebs
Microsoft Patch Tuesday, October 2022 Edition
blogs_krebs·2022-10-12·CVSS 10.0
CVE-2022-41033 [CRITICAL] Microsoft Patch Tuesday, October 2022 Edition
Microsoft today released updates to fix at least 85 security holes in its Windows operating systems and related software, including a new zero-day vulnerability in all supported versions of Windows that is being actively exploited. However, noticeably absent from this month’s Patch Tuesday are any updates to address a pair of zero-day flaws being exploited this past month in Microsoft Exchange Server.
The new zero-day flaw, CVE-2022-41033, is an “elevation of privilege” bug in the Windows COM+ event service, which provides system notifications when users logon or logoff. Microsoft says the flaw is being actively exploited, and that it was reported by an anonymous individual.
“Despite its relatively low score in comparison to other vulnerabilities patched today, this one should be at the
Qualys
October 2022 Patch Tuesday | Microsoft Releases 84 Vulnerabilities With 13 Critical, Plus 12 Microsoft Edge (Chromium-Based); Adobe Releases 4 Advisories, 29 Vulnerabilities With 17 Critical. | Qualys
blogs_qualys·2022-10-11·CVSS 7.8
[HIGH] October 2022 Patch Tuesday | Microsoft Releases 84 Vulnerabilities With 13 Critical, Plus 12 Microsoft Edge (Chromium-Based); Adobe Releases 4 Advisories, 29 Vulnerabilities With 17 Critical. | Qualys
Tenable
Microsoft’s October 2022 Patch Tuesday Addresses 84 CVEs (CVE-2022-41033)
blogs_tenable·2022-10-11·CVSS 7.8
[HIGH] Microsoft’s October 2022 Patch Tuesday Addresses 84 CVEs (CVE-2022-41033)
Talos
Microsoft Patch Tuesday for October 2022 — Snort rules and prominent vulnerabilities
blogs_talos·2022-10-11·CVSS 8.1
CVE-2022-41038 [HIGH] Microsoft Patch Tuesday for October 2022 — Snort rules and prominent vulnerabilities
Microsoft released its monthly security update Tuesday, disclosing 83 vulnerabilities across the company’s hardware and software line, including seven critical issues in Windows’ point-to-point tunneling protocol.
October's security update features 11 critical vulnerabilities, with the remainder being “important.”
One of the most notable vulnerabilities Microsoft fixed this month is CVE-2022-41038, a remote code execution issue in Microsoft SharePoint. There are several other SharePoint vulnerabilities included in this month’s Patch Tuesday, though this seems the most severe, as Microsoft considers it to be “more likely” to be exploited.
An attacker must be authenticated to the target site with the correct permissions to use manage lists in SharePoint to exploit this vulnerability, and
Crowdstrike
October Patch Tuesday 2022: Updates and Analysis
blogs_crowdstrike·CVSS 7.5
CVE-2026-20929 [HIGH] October Patch Tuesday 2022: Updates and Analysis
Published: 2022-10-11