Microsoft September 2022 Patch Tuesday fixed actively exploited zero-day Security Affairs

Microsoft released September 2022 Patch Tuesday security updates to address 64 flaws, including an actively exploited Windows zero-day.

Microsoft September 2022 Patch Tuesday security updates address 64 vulnerabilities, including an actively exploited Windows zero-day. The flaws fixed by the IT giant impact Microsoft Windows and Windows Components; Azure and Azure Arc; .NET and Visual Studio and .NET Framework; Microsoft Edge (Chromium-based); Office and Office Components; Windows Defender; and Linux Kernel (really). This is in addition to the 15 CVEs patched in Microsoft Edge (Chromium-based).

Of the 64 vulnerabilities addressed by Microsoft, five are rated Critical, 57 are rated Important, one is rated Moderate, and one is rated Low in severity. This month’s Microsoft addressed two publicly disclosed zero-day vulnerabilities, only one of them was actively exploited in the wild at the time of release.

The issues include remote code execution, elevation of privilege, security feature bypass, information disclosure, denial of service, and Chromium Vulnerabilities.

The actively exploited zero-day vulnerability is tracked as CVE-2022-37969, is a Windows Common Log File System Driver Elevation of Privilege Vulnerability.

“An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.” reads Microsoft’s advisory. “An attacker must already have access and the ability to run code on the target system. This technique does not allow for remote code execution in cases where the attacker does not already have that ability on the target system.”

Microsoft credited Quan Jin with DBAPPSecurity, Genwei Jiang with Mandiant, FLARE OTF, CrowdStrike, and Zscaler ThreatLabz for reporting this flaw.

The company did not share details about the attacks exploiting this vulnerability, however, there are no details at this time if it was used manually by threat actors or through malware.

The other publicly disclosed vulnerability, tracked as CVE-2022-23960, is an Arm Cache Speculation Restriction issue.

The full list of CVEs released by Microsoft for September 2022 Patch Tuesday security updates is available here, the most severe ones are:

CVE-2022-34700 Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability Critical 8.8 No No RCE
CVE-2022-35805 Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability Critical 8.8 No No RCE
CVE-2022-34721 Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability Critical 9.8 No No RCE
CVE-2022-34722 Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability Critical 9.8 No No RCE
CVE-2022-34718 Windows TCP/IP Remote Code Execution Vulnerability Critical 9.8 No No RCE

Below is the complete list of resolved vulnerabilities and released advisories in the September 2022 Patch Tuesday updates. To access the full description of each vulnerability and the systems that it affects, you can view the full report here.

Follow me on Twitter: @securityaffairs and Facebook

Pierluigi Paganini

(SecurityAffairs hacking, Microsoft Patch Tuesday)




Leave a Comment