Microsoft's Most Recent Security Update Fixes a Zero-Day and 64 New Flaws

Microsoft’s Most Recent Security Update released patches on Tuesday to address 64 new security holes in its software, including a zero-day vulnerability that has already been actively used in attacks.

Microsoft’s Most Recent Security Update | In terms of severity, five out of the 64 bugs are classified as Critical, 57 as Important, one as Moderate, and one as Low. The patches come on top of the 16 vulnerabilities that Microsoft patched in its Edge browser, which is based on Chromium, earlier this month. (update guide)

Bharat Jogi, Director of Vulnerability and Threat Research at Qualys, said in a statement that this Patch Tuesday may seem to have fewer CVEs released than other months.

However, MSFT fixed the 1000th CVE of 2022 this month, marking a significant achievement for the year likely to surpass 2021, which patched a total of 1,200 CVEs.

NEXT MASTERCLASS Cyber Security On A Budget: Protect Your Small Business From Hackers

CVE-2022-37969 (CVSS score: 7.8), a privilege escalation flaw in the Windows Common Log File System (CLFS) Driver, is the vulnerability in question that is actively exploited as hackers can gain SYSTEM privileges on an already compromised system.

“The target system must already be accessible to an attacker who is equipped to run code on it. If the attacker does not already have that capability on the target system, this technique does not permit remote code execution,” Microsoft stated in a warning.

According to Greg Wiseman, product manager at Rapid7, the tech giant gave credit to four different teams of researchers from CrowdStrike, DBAPPSecurity, Mandiant, and Zscaler for reporting the flaw, which may be a sign of widespread exploitation in the wild.

The CLFS component’s second actively exploited zero-day vulnerability is CVE-2022-37969 (CVSS score: 7.8), which follows CVE-2022-24521 (CVSS score: 7.8), which Microsoft fixed as part of its April 2022 Patch Tuesday updates.

It is not immediately clear if CVE-2022-37969 is a patch bypass for CVE-2022-24521. However, here are some additional noteworthy flaws:

• CVE-2022-34718 – Windows TCP/IP Remote Code Execution Vulnerability (CVSS score: 9.8)
• CVE-2022-34721 – Windows Internet Key Exchange (IKE) Protocol Extensions (CVSS score: 9.8) Code execution vulnerability when remote.
• Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability, CVE-2022-34722 (CVSS score: 9.8)
• CVE-2022-34700 (CVSS score: 8.8) – Remote Code Execution Vulnerability in Microsoft Dynamics 365 (on-premises).
• CVE-2022-35805 (CVSS score: 8.8) – Remote Code Execution Vulnerability in Microsoft Dynamics 365 (on-premises).

Microsoft stated in regards to CVE-2022-34721 and CVE-2022-34722 that

“an unauthenticated attacker could send a specially crafted IP packet to a target machine that is running Windows and has IPSec enabled, which could enable a remote code execution exploitation.”

Microsoft’s Most Recent Security Update also fixed five privilege escalation bugs affecting Windows Kerberos and the Windows Kernel, in addition to 15 remote code execution flaws in the Microsoft ODBC Driver, Microsoft OLE DB Provider for SQL Server, and Microsoft SharePoint Server.

The Print Spooler module’s CVE-2022-38005 elevation of privilege vulnerability, with a CVSS score of 7.8, which could be exploited to gain SYSTEM-level permissions, was also patched in the September release, making it noteworthy.

Last but not least, a patch from chipmaker Arm for the Spectre-BHB (CVE-2022-23960) vulnerability, also known as Branch History Injection, is included in the plethora of security updates.

“This class of vulnerabilities poses a significant challenge to the organizations trying to mitigate, as they frequently call for updates to the operating systems, firmware, and in some cases, a recompilation of applications and hardening,”

Jogi said. In addition, an attacker could access sensitive data if they successfully exploit this kind of vulnerability.