September Patch Tuesday 2022
September update from Microsoft resolves 63 security vulnerabilities including one Zero Day vulnerability (CVE-2022-37969) and one publicly disclosed vulnerability (CVE-2022-23960). This month’s updates affect the Windows Operating System, Office, SharePoint, .Net Framework, Windows Defender and several windows components.
Zero day vulnerability
Microsoft resolved an Elevation of Privilege vulnerability in Windows Common Log File System Driver (CVE-2022-37969) that has been confirmed to be exploited and publicly disclosed. The vulnerability affects all Windows OS versions.
If exploited, the attacker could gain SYSTEM privileges. The attack does require the attacker to have access and ability to run code on the target system but chaining multiple vulnerabilities in an attack is common enough practice that this should be considered a minor barrier for threat actors.
The vulnerability is rated as Important, but with multiple vendors acknowledged for the coordinated disclosure and confirmed exploits in the wild this vulnerability should be treated as a Critical severity due to the risk.
Exploitation has already been detected and additional information could have been disclosed making it easier for additional attackers to take advantage of the vulnerability.
Publicly disclosed vulnerability
Microsoft has resolved a vulnerability in ARM based Windows 11 systems that could allow Cache Speculation Restriction (CVE-2022-23960). The vulnerability, also known as Spectre-BHB, is yet another side-channel speculation vulnerability specifically in ARM processors.
Other CVEs to note
A Remote Code Execution vulnerability in Windows TCP/IP (CVE-2022-34718) could be targeted by an unauthenticated attacker meaning it could be “wormable” and earned it a CVSS base score of 9.8. The vulnerability only affects systems running IPSec with IPv6 enabled. This vulnerability has some nasty potential and warrants attention.
There is a Print Spooler Elevation of Privilege vulnerability (CVE-2022-38005) resolved this month. Since PrintNightmare, there have been several additional Print Spooler vulnerabilities resolved. Some have caused additional challenges for certain vendors and models of printers.
If you have experienced challenges, it would be good to test this update with some additional care to ensure no issues affect your environment.
A Elevation of Privilege vulnerability (CVE-2022-38007) in Azure ARC and Azure Guest Configuration could allow an attacker to replace Microsoft-shipped code with their own code. This could allow the attacker’s code to be run as root as a daemon in the context of the affected service.