
Microsoft’s September Patch Tuesday Addresses 60+ Vulnerabilities

Updated on 2022-10-17: Windows zero-day analysis

Zscaler researchers published a technical analysis of CVE-2022-37969, a zero-day vulnerability in the Windows OS that they observed being exploited in the wild. Microsoft patched the vulnerability in the September 2022 Patch Tuesday.

Updated on 2022-09-22: Microsoft warns of zero-day affecting all versions of Windows

Microsoft is warning of a zero-day vulnerability affecting all versions of Windows, which the company disclosed last week as part of Patch Tuesday. Since the initial disclosure, the U.S. Cybersecurity and Infrastructure Security Agency has warned federal agencies to patch the vulnerability in the Windows Common Log File System Driver as soon as possible. CVE-2022-37969 could enable an attacker to gain SYSTEM-level privileges, which could be used to make changes on the targeted device or to carry out follow-on attacks. Microsoft warned that users running Windows 11 and earlier, as well as Windows Server 2008 and Windows Server 2012, are affected.


Updated on 2022-09-16: Microsoft discloses 64 new vulnerabilities in monthly security update

On Tuesday, September 23, Microsoft released patches for 64 vulnerabilities in a variety of products. The batch of fixes includes five critical flaws and an important privilege elevation vulnerability in the Windows Common Log File System Driver that is being actively exploited. (Ed: This vulnerability has been added to CISA’s Known Exploited Vulnerabilities catalog.)


Microsoft released its monthly security update Tuesday, disclosing 64 vulnerabilities across the company’s hardware and software line, a sharp decline from the record number of issues Microsoft disclosed last month. September’s security update features five critical vulnerabilities, 10 fewer than were included in last month’s Patch Tuesday. There are two moderate-severity vulnerabilities in this release, as well as a low-security issue that’s already been patched as a part of a recent Google Chromium update. The remainder are considered “important.”

The most serious vulnerability exists in several versions of Windows Server and Windows 10 and could allow an attacker to achieve remote code execution (RCE) by sending a single, specially crafted IPv6 packet to a Windows node where IPSec is enabled. CVE-2022-34718 only affects instances that have IPSec enabled. This vulnerability has a severity score of 9.8 out of 10, and Microsoft considers it “more likely” to be exploited.

CVE-2022-34721 and CVE-2022-34722 also have severity scores of 9.8, though they are “less likely” to be exploited, according to Microsoft. These are remote code execution vulnerabilities in the Windows Internet Key Exchange protocol that could be triggered if an attacker sends a specially crafted IP packet.

Read more: Microsoft Patch Tuesday for September 2022 — Snort rules and prominent vulnerabilities


  • A PoC exploit has been released for one of the critical IKE vulnerabilities. These vulnerabilities have a lot of potential to cause havoc, and the only thing saving us here is that the two attacked features, IPSEC and IPv6, are not widely deployed.
  • It’s September, students are back in school, we’re back from vacations, ready to ease back into work – not so much this week. Microsoft, Apple and Adobe have all released updates to critical vulnerabilities you need to jump on. Don’t panic – make sure you’ve got backups in case you need to roll back and start your deployment as usual. The five critical flaws for Windows have CVSS scores from 7.8 to 9.8. Don’t be fooled: CVE-2022-34718 is wormable, CVE-2022-37869 is privilege escalation, CVE-2022-35085 a similar flaw more easily exploited, CVE-2022-34718 allows an unauthenticated attacker to execute code with privileges, and lastly CVE-2022-37969 fixes a possible bypass scenario to a prior patch of the Windows Log system.
  • The number of vulnerabilities that Microsoft patches each month might suggest that they are very good at finding vulnerabilities. However, patching is both an expensive and risky way to achieve essential quality. Much better to detect the vulnerabilities as part of the quality control process.

