Cyber Round-up

Microsoft Patch Tuesday: September 2022

September 22, 2022

The September Microsoft Patch Tuesday has arrived, addressing a total of 63 vulnerabilities, a significant decrease from the 121 seen last month. Only 5 have been scored as critical, with 2 publicly disclosed and 1 being exploited in the wild.

September's instalment includes patches for some key services such as:

  • Azure Arc
  • Microsoft Edge (Chromium-based)
  • Microsoft Graphics Component
  • Microsoft Office
  • Network Device Enrollment Service (NDES)
  • Role: DNS Server
  • Role: Windows Fax Service
  • Visual Studio Code
  • Windows Defender
  • Windows Distributed File System (DFS)
  • Windows Enterprise App Management
  • Windows Kerberos
  • Windows Kernel
  • Windows LDAP - Lightweight Directory Access Protocol
  • Windows Remote Access Connection Manager
  • Windows TCP/IP
  • Windows Transport Security Layer (TLS)

CVE-2022-37969: Windows Common Log File System Driver Elevation of Privilege Vulnerability

This vulnerability, rated important, has been publicly disclosed and has been seen in the wild. With a CVSS score of 7.8, successful exploitation would allow an attacker to gain system privileges. Some conditions must be met first: an attacker needs access to the target system and the ability to run code on it before the vulnerability can be exploited.

CVE-2022-23960: Arm Cache Speculation Restriction Vulnerability

Known as Spectre-BHB, this vulnerability affects Windows 11 for ARM64-based Systems and is the second publicly disclosed vulnerability this month. Known to researchers since March 2022, the flaw allows speculation caused by mispredicted branches to trigger cache allocation, which can then be used to infer information that should not be accessible.

CVE-2022-34718: Windows TCP/IP Remote Code Execution Vulnerability

Scoring a worrying CVSS of 9.8, this critical remote code execution vulnerability in the Windows TCP/IP service could allow an unauthenticated attacker to send a specially crafted IPv6 packet to a Windows node where IPSec is enabled, resulting in remote code execution on that machine. As this vulnerability can be exploited over a network without any authentication, it has the potential to be wormable: malware exploiting it could spread to other vulnerable systems without any human interaction. Luckily, only systems with the IPSec service running and IPv6 enabled are vulnerable to this attack.
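To help prioritise patching, the following added example (not from Microsoft or the original article) reports whether a Windows host meets the two preconditions described above. The function name `Get-Cve202234718Exposure` is hypothetical, and mapping "the IPSec service" to the `PolicyAgent` and `IKEEXT` services is an assumption.

```powershell
# Added example: check the two preconditions the article gives for
# CVE-2022-34718 (IPv6 enabled and an IPsec service running) on this host.
function Get-Cve202234718Exposure {
    [CmdletBinding()]
    param(
        # Assumption: these services are what "the IPSec service" refers to.
        [string[]]$IpsecServiceName = @('PolicyAgent', 'IKEEXT')
    )

    # Adapters that still have the IPv6 protocol (ms_tcpip6) bound.
    $ipv6Adapters = @(Get-NetAdapterBinding -ComponentID 'ms_tcpip6' -ErrorAction SilentlyContinue |
        Where-Object { $_.Enabled })

    # IPv6 can also be switched off globally through the DisabledComponents
    # registry value; 0xFF disables it on all non-loopback interfaces.
    $regPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters'
    $reg = Get-ItemProperty -Path $regPath -Name 'DisabledComponents' -ErrorAction SilentlyContinue
    $disabledByRegistry = $false
    if ($null -ne $reg) {
        $disabledByRegistry = (($reg.DisabledComponents -band 0xFF) -eq 0xFF)
    }

    # IPsec-related services that are currently running.
    $running = @(Get-Service -Name $IpsecServiceName -ErrorAction SilentlyContinue |
        Where-Object { $_.Status -eq 'Running' })

    $ipv6On  = ($ipv6Adapters.Count -gt 0) -and (-not $disabledByRegistry)
    $ipsecOn = $running.Count -gt 0

    [pscustomobject]@{
        ComputerName         = $env:COMPUTERNAME
        IPv6BoundAdapters    = ($ipv6Adapters | ForEach-Object { $_.Name }) -join ', '
        IPv6DisabledInReg    = $disabledByRegistry
        IpsecServicesRunning = ($running | ForEach-Object { $_.Name }) -join ', '
        PreconditionsMet     = $ipv6On -and $ipsecOn
    }
}

Get-Cve202234718Exposure | Format-List
```

A host reporting `PreconditionsMet : True` is a candidate for earlier patching; a `False` result says nothing about whether the September update is installed.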

For a full list of this month’s updates please see the links below:

Patch Tuesday release notes: https://msrc.microsoft.com/update-guide/releaseNote/2022-Sep

Security update guide: https://msrc.microsoft.com/update-guide/

Author

Stuart Hare is a Technologist with a passion for helping people in all aspects of IT & Cyber Security. Stuart is the Founder of Ironshare, an Information and Cyber Security company providing consultancy and managed services.

Samuel is a Security Analyst with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.

Joshua is working as a Managed Service Lead with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.
