
WARNING: MICROSOFT PATCH TUESDAY SEPTEMBER 2022 PATCHES 62 VULNERABILITIES (5 CRITICAL, 57 IMPORTANT)

Reference:
Advisory #2022-025
Version:
1.0
Type: 
Several types, ranging from information disclosure to remote code execution and privilege escalation.
CVE/CVSS: 

Microsoft patched 62 CVEs in its June 2022 Patch Tuesday release, 5 rated as critical and 57 rated as important.

Number of CVEs per type

  • Remote Code Execution: 30
  • Elevation of Privileges: 18
  • Denial of Service: 7
  • Information Disclosure: 6
  • Security Feature Bypass: 1

Sources

https://msrc.microsoft.com/update-guide/releaseNote/2022-Sep

 

Risks

This month’s Patch Tuesday includes 3 critical and 53 important vulnerabilities for a wide range of Microsoft products, impacting Microsoft Server and Workstations.

CVE-2022-37969 - Windows Common Log File System Driver Elevation of Privilege Vulnerability

This is a critical EoP vulnerability in the Windows Common Log File System (CLFS) Driver which is being exploited in the wild through publicly available exploit code. The vulnerability was disclosed before a patch was made available (0-Day).

The flaw is a privilege-escalation vulnerability that can be exploited after an attacker has gained access to a vulnerable target system by exploiting a separate vulnerability or through social engineering. 

CVE-2022-23960 - Cache Speculation Restriction Vulnerability

This vulnerability, which is actively being exploited in the wild, is a data-leaking speculative execution side-channel bug in ARM processors known as Spectre-BHB.

This CVE is a variant of the earlier Spectre v2 vulnerability discovered in March, which can be abused by malware to steal data from memory that should otherwise be off limits.

CVE-2022-34718 - Windows TCP/IP Remote Code Execution Vulnerability

This vulnerability is a Remote Code Execution (RCE) in Windows TCP/IP that could allow a remote, unauthenticated attacker to run code without any user interaction required. 

However, only systems with IPv6 enabled and IPSec configured are vulnerable.

CVE-2022-34721 & CVE-2022-34722 - Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability

An unauthenticated attacker could send a specially crafted IP packet to a target machine that is running Windows and has IPSec enabled, which could lead to remote code execution.

This vulnerability only impacts IKEv1. IKEv2 is not impacted.

However, all Windows Servers are affected because they accept both V1 and V2 packets.
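
To gauge how much IKEv1 traffic actually reaches a server, the following added example (not part of the original advisory) classifies captured UDP 500/4500 payloads by the major-version nibble of the IKE header and counts IKEv1 senders. The function names and sample datagrams are constructed for illustration; the 28-byte header layout is the one defined in RFC 2408 and RFC 7296.

```python
import struct
from collections import Counter

# Fixed IKE header: initiator SPI, responder SPI, next payload, version,
# exchange type, flags, message ID, total length (28 bytes, network order).
IKE_HEADER = struct.Struct("!8s8sBBBBII")

def ike_major_version(udp_payload: bytes, dst_port: int = 500):
    """Return the IKE major version (1 or 2) of a UDP payload, or None if not IKE."""
    data = udp_payload
    if dst_port == 4500:
        # NAT-T: IKE is prefixed by a 4-byte zero non-ESP marker; anything else is ESP.
        if data[:4] != b"\x00" * 4:
            return None
        data = data[4:]
    if len(data) < IKE_HEADER.size:
        return None
    init_spi, _, _, version, _, _, _, length = IKE_HEADER.unpack_from(data)
    # Sanity checks: non-zero initiator SPI, declared length fits the datagram.
    if init_spi == b"\x00" * 8 or not IKE_HEADER.size <= length <= len(data):
        return None
    major = version >> 4          # high nibble = major, low nibble = minor
    return major if major in (1, 2) else None

def ikev1_sources(datagrams):
    """Count IKEv1 datagrams per source; input is (src_ip, dst_port, payload) tuples."""
    hits = Counter()
    for src, port, payload in datagrams:
        if ike_major_version(payload, port) == 1:
            hits[src] += 1
    return dict(hits)

def _hdr(version, exchange_type):
    """Build a constructed, payload-less IKE header for the sample data."""
    return IKE_HEADER.pack(b"\x11" * 8, b"\x00" * 8, 0, version, exchange_type, 0, 0, 28)

# Constructed sample datagrams (documentation address ranges), not real traffic.
SAMPLE = [
    ("192.0.2.10", 500, _hdr(0x10, 2)),                     # IKEv1, exchange type 2
    ("192.0.2.10", 500, _hdr(0x10, 4)),                     # IKEv1, exchange type 4
    ("198.51.100.7", 500, _hdr(0x20, 34)),                  # IKEv2 IKE_SA_INIT
    ("203.0.113.5", 4500, b"\x00" * 4 + _hdr(0x10, 2)),     # IKEv1 over NAT-T
    ("203.0.113.9", 4500, b"\xde\xad\xbe\xef" + b"\x00" * 40),  # ESP, not IKE
    ("203.0.113.9", 500, b"short"),                         # too short to be IKE
]

if __name__ == "__main__":
    for src, count in ikev1_sources(SAMPLE).items():
        print(f"{src}: {count} IKEv1 datagram(s)")
```

Sources that still send IKEv1 identify the peers to migrate to IKEv2 or to restrict at the perimeter while patching is scheduled.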

CVE-2022-38009 - Microsoft SharePoint Server Remote Code Execution Vulnerability

An authenticated attacker with Manage List permissions could execute code remotely on the SharePoint Server.

The attacker must be authenticated to the target site, with the permission to use Manage Lists within SharePoint.

 

Recommended actions

The CCB recommends installing updates for vulnerable devices with the highest priority, after thorough testing.
