This week, Microsoft has rolled out its month-to-month Patch Tuesday replace bundle for September 2022. The replace bundle addresses 84 safety vulnerabilities however consists of fewer critical-severity bugs. Home windows customers ought to guarantee they replace their units on the earliest.
4 Important Vulnerability Fixes
With September Patch Tuesday, Microsoft has two crucial distant code execution vulnerabilities within the Home windows Community File System. An authenticated attacker might exploit these vulnerabilities, CVE-2022-22029 and CVE-2022-22039, by making a specifically crafted name to the NFS.
Microsoft has labeled them crucial severity flaws that achieved CVSS scores of 8.1 and seven.5, respectively. For CVE-2022-22029, the tech big has additionally shared detailed mitigations to deal with the flaw when an instantaneous system replace isn’t potential.
Microsoft has additionally patched two different crucial safety bugs that would permit RCE assaults. These embody,
- CVE-2022-22038 (CVSS 8.1): RCE vulnerability in Distant Process Name Runtime. Exploiting the flaw required an attacker to ship fixed knowledge for repeated exploitation makes an attempt.
- CVE-2022-30221 (CVSS 8.8): RCE flaw in Home windows Graphics Part. An attacker might exploit the vulnerability by tricking the goal person into connecting to a malicious RDP server.
Different Microsoft September Patch Tuesday
Alongside the 4 crucial severity vulnerabilities, Microsoft has mounted 80 different necessary severity vulnerabilities throughout varied merchandise.
These embody an actively exploited vulnerability, CVE-2022-22047, within the Home windows Shopper Server Runtime Subsystem (CSRSS). The tech big has described it as a privilege escalation flaw (CVSS 7.8), giving SYSTEM privileges to an attacker.
Microsoft has confirmed detecting lively exploitation of the vulnerability sans public disclosure. Nonetheless, they haven’t defined something in regards to the nature of assaults, the goal techniques, and different particulars.
As well as, Microsoft has additionally addressed two different privilege escalation flaws in Home windows CSRSS. Nonetheless, each the vulnerabilities, CVE-2022-22026 and CVE-2022-22049, remained beneath the radar, ditching lively exploits.
The opposite susceptible parts receiving safety fixes with the September replace embody Microsoft Defender for Endpoint, Microsoft Workplace, Skype for Enterprise, Home windows BitLocker, Boot Supervisor, Hyper-V, Home windows DNS Server, Home windows IIS Server, and extra.
Whereas the updates ought to routinely attain the respective units, it’s nonetheless beneficial for the customers to test for system updates manually to keep away from delayed patches.
Tell us your ideas within the feedback.