Microsoft released its monthly security update, Patch Tuesday, disclosing 63 vulnerabilities across the company’s hardware and software line, this month’s security update is observed to have a sharp decline from last month’s number of issues disclosed by Microsoft.
This month’s Security Update addresses five critical vulnerabilities which tend to allow Remote Code Execution which is ten fewer than were included in last month’s patch Tuesday. There are two moderate-severity vulnerabilities in this very release and one low-security issue. The remaining are classified as “Important,” which have Denial of Service (DOS), Elevation of Privilege, Information Disclosure, Remote Code Execution, and Security Feature Bypass per the advisory. A compiled list is available for reference below.
This month’s patch fixes 2 Zero-Day vulnerabilities, with one being designated as actively exploited* (CVE-2022-37969*, CVE-2022-23960) is said to be of Privilege Escalation and Cache Speculation Restriction, respectively. Along with this, Microsoft has speedily quashed 16 Microsoft Edge (Chromium Based)Vulnerabilities, of which one has been addressed as a Remote Code Execution (RCE) (CVE-2022-38012). The same was updated from September 1st to 3rd, 2022
Zero-Days Vulnerabilities
CVE-2022-37969 | Windows Common Log File System Driver Elevation Of Privilege Vulnerability
This vulnerability has a CVSSv3.1 score of 7.8. An attacker should have access and the ability to run code on the target system. Common social engineering delivery methods can be used to initiate attacks for bugs of this nature, such as sending specially crafted documents and convincing users to click on the document or link. An attacker who can successfully exploit this could gain SYSTEM privileges.
This vulnerability is being actively exploited as per the Exploit-ability Assessment by Microsoft.
CVE-2022-23960 | Cache Speculation Restriction Vulnerability
This vulnerability has a CVSSv3.1 score of 5.6.CVE-2022-23960 is regarding a vulnerability known as Specter-BHB. An attacker can trick users into downloading and opening a specially crafted presentation file. This CVE affects Windows 11 (ARM64-based system).
Please see Spectre-BHB on arm Developer for more information.
Critical Vulnerabilities
In this September 2022 Patch Tuesday, Microsoft has addressed five critical vulnerabilities.
CVE-2022-37956, CVE-2022-37957, and CVE-2022-37964 | Windows Kernel Elevation Privilege Vulnerability
CVE-2022-37956, CVE-2022-37957, and CVE-2022-37964 are clubbed under the Elevation of Privilege, which is supposed to affect the Windows Kernel. All three vulnerabilities have received a CVSSv3 score of 7.8. Microsoft advisory says a successful attack against this component will reward an attacker for gaining SYSTEM privileges.
As per the Exploit-ability by Microsoft, only CVE-2022-37957 has been designated as “Excitability More Likely.”
CVE-2022-34721 and CVE-2022-34722 | Windows Internet Key Exchange (IKE) Remote Execution Vulnerability.
CVE-2022-34721 and CVE-2022-34722 together are RCE vulnerabilities in the Windows IKE Protocol. Both have been given a CVSSv3 score of 9.8, and the Exploitability Assessment by Microsoft is “Less Likely.” An unauthenticated attacker could send a specially crafted IP packet to a target machine running Windows and IPSec enabled, enabling remote code execution exploitation. All Windows Servers are affected because they accept both V1 and V2 packets.
CVE-2022-37958 | Updated : New Flaw Discovered
As of December 21, 2022, CVE-2022-37958 severity has elevated from important to critical.
A new flaw has been discovered, which works like EternalBlue and could be exploited remotely without any authentication required. Reportedly the bug is “wormable,” which means it can self-replicate and laterally move to hit other vulnerable systems in the network.
The flaw in CVE-2022-37958 is not limited to the SPNEGO Mechanism, which resides in the Server Message Block (SMB) protocol. It can also affect RDP, SMTP, and HTTP.
Microsoft fixed the previously existing bug in September 2022 with its Patch Tuesday rollout, which also fixes this new flaw.
Microsoft Security Bulletin Summary for September 2022
- .NET and Visual Studio
- .NET Framework
- Azure
- Azure Arc
- Cache Speculation
- HTTP.sys
- Microsoft Dynamics
- Microsoft Edge (Chromium-based)
- Microsoft Graphics Component
- Microsoft Office
- Microsoft Office SharePoint
- Microsoft Office Visio
- Microsoft Windows ALPC
- Microsoft Windows Codecs Library
- Network Device Enrollment Service (NDES)
- Role: DNS Server
- Role: Windows Fax Service
- SPNEGO Extended Negotiation
- Visual Studio Code
- Windows Common Log File System Driver
- Windows Credential Roaming Service
- Windows Defender
- Windows Distributed File System (DFS)
- Windows DPAPI (Data Protection Application Programming Interface)
- Windows Enterprise App Management
- Windows Event Tracing
- Windows Group Policy
- Windows IKE Extension
- Windows Kerberos
- Windows Kernel
- Windows LDAP – Lightweight Directory Access Protocol
- Windows ODBC Driver
- Windows OLE
- Windows Photo Import API
- Windows Print Spooler Components
- Windows Remote Access Connection Manager
- Windows Remote Procedure Call
- Windows TCP/IP
- Windows Transport Security Layer (TLS)
Product: Microsoft Windows
CVEs/Advisory: CVE-2022-23960, CVE-2022-26928, CVE-2022-30170, CVE-2022-30196, CVE-2022-30200, CVE-2022-33647, CVE-2022-33679, CVE-2022-34718, CVE-2022-34719, CVE-2022-34720, CVE-2022-34721, CVE-2022-34722, CVE-2022-34723, CVE-2022-34724, CVE-2022-34725, CVE-2022-34726, CVE-2022-34727, CVE-2022-34728, CVE-2022-34729, CVE-2022-34730, CVE-2022-34731, CVE-2022-34732, CVE-2022-34733, CVE-2022-34734, CVE-2022-35803, CVE-2022-35830, CVE-2022-35831, CVE-2022-35832, CVE-2022-35833, CVE-2022-35834, CVE-2022-35835, CVE-2022-35836, CVE-2022-35837, CVE-2022-35838, CVE-2022-35840, CVE-2022-35841, CVE-2022-37954, CVE-2022-37955, CVE-2022-37956, CVE-2022-37957, CVE-2022-37958, CVE-2022-37959, CVE-2022-37969, CVE-2022-38004, CVE-2022-38005, CVE-2022-38006
Impact: Elevation of Privilege Security Feature Bypass Information Disclosure Remote Code Execution Denial of Service
KB’s: 5017367 5017305 5017370 5017377 5017365 5017327 5017315 5017308 5017316 5017328 5017392
Product: Microsoft Office
CVE/Advisory: CVE-2022-38010 CVE-2022-37962 CVE-2022-37963 CVE-2022-35823 CVE-2022-37961 CVE-2022-38008 CVE-2022-38009
Impact: Remote Code Execution
KB: 5002166 5002178 5002264 5002267 5002159 5002269 5002142 5002258 5002257 5002271 5002017 5002016 5002270
Product: Microsoft Edge (Chromium-based)
CVE/Advisory: CVE-2022-3075 CVE-2022-3058 CVE-2022-3057 CVE-2022-3056 CVE-2022-3055 CVE-2022-3054 CVE-2022-3053 CVE-2022-3047 CVE-2022-3046 CVE-2022-3045 CVE-2022-3044 CVE-2022-3041 CVE-2022-3040 CVE-2022-3039 CVE-2022-3038 CVE-2022-38012
SanerNow VM and SanerNow PM detect and automatically fix these vulnerabilities by applying security updates. Use SanerNow and keep your systems updated and secure.