September 2022 Patch Tuesday is here, with fixes for 64 CVE-numbered vulnerabilities in various Microsoft products, including one zero-day (CVE-2022-37969) exploited by attackers.
About CVE-2022-37969
CVE-2022-37969 is an elevation of privilege vulnerability in the Windows Common Log File System (CLFS) Driver, and an attacker must already have access and the ability to run code on the target system (e.g., by exploiting another vulnerability or through social engineering) before attempting to trigger it.
“Post-exploitation flaws such as this one are sometimes exploited by way of a specially crafted application,” says Satnam Narang, senior staff research engineer at Tenable.
He also pointed out that CVE-2022-24521, a similar vulnerability in CLFS, was patched earlier this year as part of Microsoft’s April Patch Tuesday release and was also exploited in the wild – “though it’s unclear at this point if CVE-2022-37969 is a patch-bypass for CVE-2022-24521.”
CVE-2022-24521 was flagged by the U.S. National Security Agency and researchers from CrowdStrike. CVE-2022-37969 was disclosed by researchers from four different security companies and this, according to Zero Day Initiative’s Dustin Childs, indicates that it’s likely that the attacks in which it’s exploited aren’t just targeted.
Other vulnerabilities to prioritize
Childs advises admins to also prioritize fixing CVE-2022-34724, a Windows DNS Server Denial of Service Vulnerability, due to its potential impact to enterprise resources; and CVE-2022-34718, an RCE vulnerability in Windows TCP/IP that could be triggered without user interaction.
“That officially puts it into the ‘wormable’ category and earns it a CVSS rating of 9.8. However, only systems with IPv6 enabled and IPSec configured are vulnerable. While good news for some, if you’re using IPv6 (as many are), you’re probably running IPSec as well. Definitely test and deploy this update quickly,” he added.
Microsoft has also patched two RCEs (CVE-2022-34721, CVE-2022-34722) in the Windows Internet Key Exchange (IKE) Protocol that can be exploited via a specially crafted IP packet if the target machine has IPSec enabled.
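To see which hosts meet the IPv6 and IPsec preconditions mentioned above for the TCP/IP and IKE flaws, admins can run a read-only check like the following. This is an added example, not code from the article or from Microsoft; the function name, the "IPsec in use" heuristic and the optional `KbId` parameter are assumptions (the article gives no KB numbers).

```powershell
# Added example (not from the article): IPv6 + IPsec exposure triage for one host.
# Run in an elevated PowerShell session. Read-only; changes nothing.
function Get-IPsecIPv6Exposure {
    param(
        # Assumption: KB number of the September 2022 cumulative update for this
        # OS build. It is not given in the article; take it from Microsoft's advisory.
        [string]$KbId
    )

    # Adapters with the IPv6 protocol binding (ms_tcpip6) enabled
    $ipv6 = @(Get-NetAdapterBinding -ComponentID ms_tcpip6 | Where-Object { $_.Enabled })

    # Services behind IPsec/IKE: IKEEXT (keying modules), PolicyAgent (policy agent)
    $svc = @(Get-Service -Name IKEEXT, PolicyAgent -ErrorAction SilentlyContinue |
             Where-Object { $_.Status -eq 'Running' })

    # IPsec rules currently in force (local plus Group Policy) from the active store
    $rules = @(Get-NetIPsecRule -PolicyStore ActiveStore -ErrorAction SilentlyContinue |
               Where-Object { $_.Enabled -eq 'True' })
    $mmRules = @(Get-NetIPsecMainModeRule -PolicyStore ActiveStore -ErrorAction SilentlyContinue |
                 Where-Object { $_.Enabled -eq 'True' })

    # Heuristic (assumption): IPsec counts as "in use" if IKEEXT is running
    # or any enabled rule exists.
    $ipsecInUse = ($svc.Name -contains 'IKEEXT') -or ($rules.Count + $mmRules.Count -gt 0)

    $patched = $null   # unknown unless a KB id was supplied
    if ($KbId) {
        $patched = [bool](Get-HotFix -Id $KbId -ErrorAction SilentlyContinue)
    }

    [pscustomobject]@{
        ComputerName     = $env:COMPUTERNAME
        IPv6Adapters     = $ipv6.Name -join ', '
        IPsecServices    = $svc.Name -join ', '
        IPsecRules       = $rules.Count
        MainModeRules    = $mmRules.Count
        PreconditionsMet = ($ipv6.Count -gt 0) -and $ipsecInUse
        UpdateInstalled  = $patched
    }
}

Get-IPsecIPv6Exposure | Format-List
```

Hosts that report `PreconditionsMet = True` are the ones to move to the front of the test-and-deploy queue.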
Finally, there’s a fix for a cache speculation vulnerability known as Spectre-BHB (CVE-2022-23960) affecting Windows 11 for ARM64-based Systems, important fixes for several SharePoint RCEs, and even for a PowerPoint RCE that can be exploited if an attacker tricks users into downloading and opening a specially crafted presentation file.