Microsoft Patches 63 Vulnerabilities, 2 0-Days & 30 RCEs
September 14, 2022
Microsoft Patches 63 Vulnerabilities, 2 0-Days & 30 RCEs
As part of September’s monthly security rollup updates, Microsoft has patched 2 actively exploited Zero-day and 30 remote code execution vulnerabilities.
Overall, Microsoft has patched 63 vulnerabilities across Windows, Windows Server, Office, Azure, Visual studio, and other products.
The Zero-Day Vulnerabilities
- CVE-2022-37969 (CVSS 3.1: 7.8, High Severity) –Windows Common Log File System Driver Elevation of Privilege Vulnerability. – actively exploited.
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. - CVE-2022-23960, (CVSS 3.1: 5.6, Medium Severity) – An Arm Cache Speculation Restriction Vulnerability, might allow the attacker to obtain sensitive information.
Microsoft also patched up a number of Critical RCE vulnerabilities in Microsoft Dynamics (CVE-2022-35805 , CVE-2022-34700), Windows IKE Extension (CVE-2022-34722 , CVE-2022-34721 ), Windows TCP/IP (CVE-2022-34718).
For the full patched vulnerabilities list, including the additional 25 RCEs, visit Microsoft September 2022 Security Updates.
Mitigation
CYREBRO recommends implementing the latest available Microsoft security/monthly rollup updates in all relevant systems as soon as possible.
References: Microsoft Sep 2022 Security Updates.