Microsoft’s September 2022 Patch Tuesday Addresses 62 CVEs...

Microsoft’s September 2022 Patch Tuesday Addresses 62 CVEs

On September 13, Microsoft released its September 2022 Patch Tuesday release which patched 62 CVEs with five rated as critical and 57 rated as important.

In this month’s release, Microsoft addressed CVE-2022-37969, an Elevation of Privilege vulnerability in the Windows Common Log File System Driver that has been exploited in the wild. Microsoft also notes that this flaw has been publicly disclosed prior to a patch being available.

This is a post-exploitation vulnerability, meaning it can be exploited after an attacker has gained access to a vulnerable target system via other means, including exploiting a separate vulnerability or through social engineering. They could do so using a malicious executable containing exploit code.

This month’s update includes patches for:

• .NET and Visual Studio
• .NET Framework
• Azure
• Azure Arc
• Cache Speculation
• HTTP.sys
• Microsoft Dynamics
• Microsoft Edge (Chromium-based)
• Microsoft Graphics Component
• Microsoft Office
• Microsoft Office SharePoint
• Microsoft Office Visio
• Microsoft Windows ALPC
• Microsoft Windows Codecs Library
• Network Device Enrollment Service (NDES)
• Role: DNS Server
• Role: Windows Fax Service
• SPNEGO Extended Negotiation
• Visual Studio Code
• Windows Common Log File System Driver
• Windows Credential Roaming Service
• Windows Defender
• Windows Distributed File System (DFS)
• Windows DPAPI (Data Protection Application Programming Interface)
• Windows Enterprise App Management
• Windows Event Tracing
• Windows Group Policy
• Windows IKE Extension
• Windows Kerberos
• Windows Kernel
• Windows LDAP - Lightweight Directory Access Protocol
• Windows ODBC Driver
• Windows OLE
• Windows Photo Import API
• Windows Print Spooler Components
• Windows Remote Access Connection Manager
• Windows Remote Procedure Call
• Windows TCP/IP
• Windows Transport Security Layer (TLS)

For more information, please visit our blog.