Microsoft patched 64 vulnerabilities on September Patch Tuesday

Microsoft patched 64 vulnerabilities on September Patch Tuesday

Microsoft’s September Patch Tuesday update September 13 arrived late on schedule and five were critical this month Common vulnerabilities and exposures (CVEs) and an actively used zero-day, among a total of 64 bug fixes.

Zero days, track as CVE-2022-37969, a privilege elevation vulnerability in the Windows Common Log file system driver. It affects all versions of Windows and, if successfully exploited, could allow an attacker to gain system-level privileges.

Microsoft said the zero-day was reported by four separate individuals or organizations independently of each other, indicating that its exploit could be widespread. However, it is only rated as critical, with a CVSS score of 7.8, because it requires a threat actor to authenticate, but that does not make it any less dangerous.

Attacks require the attacker to have access to and the ability to execute code on the target system, but chaining multiple vulnerabilities in an attack is common enough that it should be considered a small obstacle for threat actors,” said Chris Gottle, vice-president of security products. Ivanti.

The September drop contained a second publicly disclosed but apparently unpatched vulnerability in ARM-based Windows 11 systems that could allow cache inference limitations. It is being tracked as CVE-2022-23960, and is also known as Spectre-BHB. It’s a variant of Specter v2, which has been reinvented several times and has been dabbling on different processor architectures for five years at this point.

“This class of vulnerabilities is a major headache for organizations trying to mitigate,” said Bharat Yogi, director of vulnerability and threat research. Qualis, “as they often require recompilation and hardening updates to operating systems, firmware and, in some cases, applications. If an attacker successfully exploits such a vulnerability, they can gain access to sensitive information.”

Other critical vulnerabilities patched yesterday are as follows:

  • CVE-2022-34700Remote code execution (RCE) vulnerability in Microsoft Dynamics 365 (on-prem).
  • CVE-2022-34718An RCE vulnerability in Windows TCP/IP.
  • CVE-2022-34721An RCE vulnerability in the Windows Internet Key Exchange (IKE) protocol extension.
  • CVE-2022-34722A second RCE vulnerability in the Windows IKE protocol extension.
  • CVE-2022-35805An RCE vulnerability in Microsoft Dynamics CRM (on-prem).

Assessing some of these serious weaknesses, Mike Walters, president and co-founder Action 1, a remote monitoring and management expert said: “CVE-2022-34722 and CVE-2022-34721…both have low exploit complexity and allow threat actors to attack without any user interaction…no exploits or PoCs detected yet wild; However, installing the fix is ​​highly advisable,” he said.

Walter also alerted security teams to pay attention CVE-2022-34724A denial of service vulnerability in Windows DNS servers, which he said was likely to be exploited.

“It’s a network attack with low complexity, but it only affects systems that are running IPsec services, so if a system doesn’t need IPsec services, disable them as soon as possible,” he said. “This vulnerability could be exploited in a supply chain attack where contractor and customer networks are connected by an IPsec tunnel. If you have IPsec tunnels in your Windows infrastructure, this update is a must.”

Cave Breen Off Immersive Lab He also highlighted some SharePoint RCE vulnerabilities that he said put SharePoint installations on the priority list for organizations.

track as CVE-2022-35823, CVE-2022-38008, CVE-2022-38009And CVE-2022-37961 An attacker, however, would need authenticated access with the ability to edit existing content. This type of vulnerability would likely be exploited by an attacker who already has the initial foothold to move laterally across the network,” Brain said.

“This could affect organizations that use SharePoint for internal wikis or document stores. Attackers could exploit this vulnerability for macros to steal confidential information, replace documents with newer versions that contain malicious code, or infect other systems.”

Finally, Evanti’s Chris Gottle points out two other bugs of note: “A print spooler elevation of privilege vulnerability exists – CVE-2022-38005 – Solved this month. From Print Nightmare, there are several additional print spooler vulnerabilities fixed. Some pose additional challenges for certain vendors and printer models. If you’re experiencing challenges, it’s a good idea to test this update with some extra care to make sure there aren’t any issues in your environment.

A height of privilege vulnerability – CVE-2022-38007 – Azure ARC and Azure guest configurations could allow an attacker to replace Microsoft-shipped code with their own code. This could allow an attacker’s code to run as root as a daemon in the context of the affected service.”



Source link

Leave a Comment

Watch the Dior Spring Summer’23 fashion show #DIORSS23 Basketball Wives star Brooke Bailey announces daughter passes away in car accident Fortnite Season 3 Ends And Season 4 Begins Chrissy Teigen: I Didn’t Have A Miscarriage, I Had An Abortion ‘To Save My Life’ Don’t Worry Darling movie review
%d bloggers like this: